RE: Microsoft NPS as RADIUS for 802.1X Wi-Fi?

2016-11-17 Thread Edward Ip
We have been using Microsoft NPS in a cluster as RADIUS for 802.1X for a while 
now. Our normal concurrent client load is about 12,000 users.

Monitoring is now done via Airwave, specifically using the Clarity feature. In 
the past, we used Solarwinds to query our Aruba controllers for the statistics 
and then graphing it in Solarwinds.

We are not doing anything fancy with the NPS servers. My network architect 
wants to be able to query the AD network and set up network policies (like 
bandwidth control and app control) using Bluecoat PacketShaper and the 
Authentication and Authorization Agent (BCAAA) with User Awareness feature. 
However, the NPS servers do not update our AD directory with regards to what IP 
address the wireless client is currently using. So this feature is not useable 
on our wireless client (works great on wired domain clients). Investigating if 
we can use ClearPass to give the bluecoat the required information.

Edward Ip
Algonquin College | 1385 Woodroffe Avenue | Room C316 | Ottawa | Ontario | K2G 
1V8 | Canada
algonquincollege.com

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, November 16, 2016 9:40 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Microsoft NPS as RADIUS for 802.1X Wi-Fi?

Hello to the awesome group.

We've used Cisco ACS with general satisfaction for many years as the RADIUS 
solution for our very, very large WLAN's 802.1X authentication. We also have 
Aruba Clearpass in-house for guest wireless, and have poked around at ISE a 
bit. We're weighing replacing our aging ACS environment, but as many of you 
know times are changing. When you shop for RADIUS, you have to wade through the 
fog of NAC systems because everything is getting ever more "feature rich". For 
major vendors, RADIUS is just a slice of NAC now, and since everybody "is a 
software company!" licensing can be ugly. I'm not slamming those who find value 
in the many interesting features that the likes of ISE and Clearpass offer, but 
I also can't help but be drawn to Microsoft NPS when I think about going 
forward with simple RADIUS.

Way back when, we avoided Microsoft in this role as the reporting wasn't 
particularly strong when it came time to troubleshoot clients. We *may* have 
found relief to this through Splunk, and also enjoy a robust Windows server 
environment staffed by absolutely brilliant MS-minded veteran admins.

All that being said- is anyone using NPS as their RADIUS solution for a large 
secure WLAN environment? Can you share likes, dislikes, regrets, endorsements, 
horror stories, tales of success, etc?


(Any vendor reps lurking- no, I'm not open to hearing about other RADIUS 
solutions. Please, no calls or emails)


Kind regards-

Lee Badman | CWNE #200 | Network Architect

Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.




RE: [WIRELESS-LAN] on-boarding of personal wireless devices

2016-11-17 Thread Urrea, Nick
I forgot to mention UC Hastings uses Cisco wireless.

---
Nicholas Urrea
UC Hastings College of the Law
Network and Systems Engineer



-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Julian Y Koh
Sent: Thursday, November 17, 2016 11:00 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] on-boarding of personal wireless devices

On Thu Nov 17 2016 12:55:37 CST, "Urrea, Nick"  wrote:
> 
> We at UC Hastings would like to create/deploy an automated on-boarding 
> solution for wireless personal devices such as Xbox, Roku, Apple TV, 
> Chromecast, etc.
> Any advice would be greatly appreciated.

The wireless network team here used the ClearPass system this fall to roll out 
a new SSID for these types of devices this fall for our students. 



Basically students can register their devices via self service portal.  

--
Julian Y. Koh
Associate Director, Telecommunications and Network Services Northwestern 
Information Technology

2001 Sheridan Road #G-166
Evanston, IL 60208
+1-847-467-5780


Re: [WIRELESS-LAN] on-boarding of personal wireless devices

2016-11-17 Thread Chuck Enfield
Clearpass works fine with Cisco APs for auth, onboarding, and RADIUS CoA.  There are some advantages to pairing Cisco APs with ISE, and Aruba APs with Clearpass, but the core functionality works across platforms.




Re: [WIRELESS-LAN] on-boarding of personal wireless devices

2016-11-17 Thread Julian Y Koh
On Thu Nov 17 2016 12:55:37 CST, "Urrea, Nick"  wrote:
> 
> We at UC Hastings would like to create/deploy an automated on-boarding 
> solution for wireless personal devices such as Xbox, Roku, Apple TV, 
> Chromecast, etc.
> Any advice would be greatly appreciated.

The wireless network team here used the ClearPass system this fall to roll out 
a new SSID for these types of devices this fall for our students. 



Basically students can register their devices via self service portal.  

-- 
Julian Y. Koh
Associate Director, Telecommunications and Network Services
Northwestern Information Technology

2001 Sheridan Road #G-166
Evanston, IL 60208
+1-847-467-5780


on-boarding of personal wireless devices

2016-11-17 Thread Urrea, Nick
We at UC Hastings would like to create/deploy an automated on-boarding solution 
for wireless personal devices such as Xbox, Roku, Apple TV, Chromecast, etc.
Any advice would be greatly appreciated.


---
Nicholas Urrea
UC Hastings College of the Law
Network and Systems Engineer
Information Technology
e: urr...@uchastings.edu
ext: 4718
helpdesk:
e: helpd...@uchastings.edu
ph: 415-565-4625






Re: Microsoft NPS as RADIUS for 802.1X Wi-Fi?

2016-11-17 Thread Lee H Badman
Thanks, Jen.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 on behalf of Jennifer Francis Wilson 

Sent: Thursday, November 17, 2016 8:48 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Microsoft NPS as RADIUS for 802.1X Wi-Fi?

Been using IAS and now NPS for several years for our wireless auth.

We are a reasonable size institution (13,000 peak concurrent wireless devices 
connected) and have not had any issues with it.

We run 2 main servers and 1 eduroam server sitting on the outside that decides 
where to send eduroam auth requests, internally or externally. (all VMs, 1 Xeon 
E5-2670 v3 core, 4GB ram on each)

Having said that, we don't do any kind of performance monitoring or get stats 
on the servers (I guess mainly because they have just worked).
We don't do any realm stripping.
Logs are left on the servers on a compressed drive (last six months worth is 
around 20GB size (5GB on the drive))
We use glogg to look at the log files if we are investigating issues.

We are starting to set up clearpass, but only for guests currently, though the 
boxes should be big enough to handle our full radius load too, eventually.

Regards,

Jen.

Jennifer Wilson
Senior IT Network Analyst
University of Central Lancashire
01772 89 2116

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: 16 November 2016 14:40
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Microsoft NPS as RADIUS for 802.1X Wi-Fi?

Hello to the awesome group.

We've used Cisco ACS with general satisfaction for many years as the RADIUS 
solution for our very, very large WLAN's 802.1X authentication. We also have 
Aruba Clearpass in-house for guest wireless, and have poked around at ISE a 
bit. We're weighing replacing our aging ACS environment, but as many of you 
know times are changing. When you shop for RADIUS, you have to wade through the 
fog of NAC systems because everything is getting ever more "feature rich". For 
major vendors, RADIUS is just a slice of NAC now, and since everybody "is a 
software company!" licensing can be ugly. I'm not slamming those who find value 
in the many interesting features that the likes of ISE and Clearpass offer, but 
I also can't help but be drawn to Microsoft NPS when I think about going 
forward with simple RADIUS.

Way back when, we avoided Microsoft in this role as the reporting wasn't 
particularly strong when it came time to troubleshoot clients. We *may* have 
found relief to this through Splunk, and also enjoy a robust Windows server 
environment staffed by absolutely brilliant MS-minded veteran admins.

All that being said- is anyone using NPS as their RADIUS solution for a large 
secure WLAN environment? Can you share likes, dislikes, regrets, endorsements, 
horror stories, tales of success, etc?


(Any vendor reps lurking- no, I'm not open to hearing about other RADIUS 
solutions. Please, no calls or emails)


Kind regards-

Lee Badman | CWNE #200 | Network Architect

Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu






RE: Microsoft NPS as RADIUS for 802.1X Wi-Fi?

2016-11-17 Thread Jennifer Francis Wilson
Been using IAS and now NPS for several years for our wireless auth.

We are a reasonable size institution (13,000 peak concurrent wireless devices 
connected) and have not had any issues with it.

We run 2 main servers and 1 eduroam server sitting on the outside that decides 
where to send eduroam auth requests, internally or externally. (all VMs, 1 Xeon 
E5-2670 v3 core, 4GB ram on each)

Having said that, we don't do any kind of performance monitoring or get stats 
on the servers (I guess mainly because they have just worked).
We don't do any realm stripping.
Logs are left on the servers on a compressed drive (last six months worth is 
around 20GB size (5GB on the drive))
We use glogg to look at the log files if we are investigating issues.

We are starting to set up clearpass, but only for guests currently, though the 
boxes should be big enough to handle our full radius load too, eventually.

Regards,

Jen.

Jennifer Wilson
Senior IT Network Analyst
University of Central Lancashire
01772 89 2116

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: 16 November 2016 14:40
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Microsoft NPS as RADIUS for 802.1X Wi-Fi?

Hello to the awesome group.

We've used Cisco ACS with general satisfaction for many years as the RADIUS 
solution for our very, very large WLAN's 802.1X authentication. We also have 
Aruba Clearpass in-house for guest wireless, and have poked around at ISE a 
bit. We're weighing replacing our aging ACS environment, but as many of you 
know times are changing. When you shop for RADIUS, you have to wade through the 
fog of NAC systems because everything is getting ever more "feature rich". For 
major vendors, RADIUS is just a slice of NAC now, and since everybody "is a 
software company!" licensing can be ugly. I'm not slamming those who find value 
in the many interesting features that the likes of ISE and Clearpass offer, but 
I also can't help but be drawn to Microsoft NPS when I think about going 
forward with simple RADIUS.

Way back when, we avoided Microsoft in this role as the reporting wasn't 
particularly strong when it came time to troubleshoot clients. We *may* have 
found relief to this through Splunk, and also enjoy a robust Windows server 
environment staffed by absolutely brilliant MS-minded veteran admins.

All that being said- is anyone using NPS as their RADIUS solution for a large 
secure WLAN environment? Can you share likes, dislikes, regrets, endorsements, 
horror stories, tales of success, etc?


(Any vendor reps lurking- no, I'm not open to hearing about other RADIUS 
solutions. Please, no calls or emails)


Kind regards-

Lee Badman | CWNE #200 | Network Architect

Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu






RE: Microsoft NPS as RADIUS for 802.1X Wi-Fi?

2016-11-17 Thread Lee H Badman
Thanks, Bruce. We are piloting ClearPass as well, and all of your points have 
merit. At the same time, trying to be complete in regards to our own particular 
circumstances. Thanks for the reply.


-  Lee

Lee Badman | CWNE #200 | Network Architect

Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W 
(Network Operations)
Sent: Thursday, November 17, 2016 8:07 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Microsoft NPS as RADIUS for 802.1X Wi-Fi?

Lee,

We actually started 802.1X Wi-Fi with NPS and then moved to FreeRADIUS-based 
ClearPass. Since you already have ClearPass, it may be worth investigating. We 
are using it for RADIUS & Guest, but not as NAC. The NAC (OnGuard) licenses are 
a separate item.

I believe the needed Policy Manager licenses come with the appliance or VM so 
you may already have all the necessary pieces for testing. Each server comes 
with 25 Enterprise licenses, so at least you could start a small test.

Feel free to reach out to me or TJ with any additional questions. Our team email 
is w...@liberty.edu


Bruce Osborne
Senior Network Engineer
Network Operations - Wireless

 (434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Lee H Badman [mailto:lhbad...@syr.edu]
Sent: Wednesday, November 16, 2016 9:40 AM
Subject: Microsoft NPS as RADIUS for 802.1X Wi-Fi?

Hello to the awesome group.

We've used Cisco ACS with general satisfaction for many years as the RADIUS 
solution for our very, very large WLAN's 802.1X authentication. We also have 
Aruba Clearpass in-house for guest wireless, and have poked around at ISE a 
bit. We're weighing replacing our aging ACS environment, but as many of you 
know times are changing. When you shop for RADIUS, you have to wade through the 
fog of NAC systems because everything is getting ever more "feature rich". For 
major vendors, RADIUS is just a slice of NAC now, and since everybody "is a 
software company!" licensing can be ugly. I'm not slamming those who find value 
in the many interesting features that the likes of ISE and Clearpass offer, but 
I also can't help but be drawn to Microsoft NPS when I think about going 
forward with simple RADIUS.

Way back when, we avoided Microsoft in this role as the reporting wasn't 
particularly strong when it came time to troubleshoot clients. We *may* have 
found relief to this through Splunk, and also enjoy a robust Windows server 
environment staffed by absolutely brilliant MS-minded veteran admins.

All that being said- is anyone using NPS as their RADIUS solution for a large 
secure WLAN environment? Can you share likes, dislikes, regrets, endorsements, 
horror stories, tales of success, etc?


(Any vendor reps lurking- no, I'm not open to hearing about other RADIUS 
solutions. Please, no calls or emails)


Kind regards-

Lee Badman | CWNE #200 | Network Architect

Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu






RE: Microsoft NPS as RADIUS for 802.1X Wi-Fi?

2016-11-17 Thread Osborne, Bruce W (Network Operations)
Lee,

We actually started 802.1X Wi-Fi with NPS and then moved to FreeRADIUS-based 
ClearPass. Since you already have ClearPass, it may be worth investigating. We 
are using it for RADIUS & Guest, but not as NAC. The NAC (OnGuard) licenses are 
a separate item.

I believe the needed Policy Manager licenses come with the appliance or VM so 
you may already have all the necessary pieces for testing. Each server comes 
with 25 Enterprise licenses, so at least you could start a small test.

Feel free to reach out to me or TJ with any additional questions. Our team email 
is w...@liberty.edu


Bruce Osborne
Senior Network Engineer
Network Operations - Wireless

 (434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Lee H Badman [mailto:lhbad...@syr.edu]
Sent: Wednesday, November 16, 2016 9:40 AM
Subject: Microsoft NPS as RADIUS for 802.1X Wi-Fi?

Hello to the awesome group.

We've used Cisco ACS with general satisfaction for many years as the RADIUS 
solution for our very, very large WLAN's 802.1X authentication. We also have 
Aruba Clearpass in-house for guest wireless, and have poked around at ISE a 
bit. We're weighing replacing our aging ACS environment, but as many of you 
know times are changing. When you shop for RADIUS, you have to wade through the 
fog of NAC systems because everything is getting ever more "feature rich". For 
major vendors, RADIUS is just a slice of NAC now, and since everybody "is a 
software company!" licensing can be ugly. I'm not slamming those who find value 
in the many interesting features that the likes of ISE and Clearpass offer, but 
I also can't help but be drawn to Microsoft NPS when I think about going 
forward with simple RADIUS.

Way back when, we avoided Microsoft in this role as the reporting wasn't 
particularly strong when it came time to troubleshoot clients. We *may* have 
found relief to this through Splunk, and also enjoy a robust Windows server 
environment staffed by absolutely brilliant MS-minded veteran admins.

All that being said- is anyone using NPS as their RADIUS solution for a large 
secure WLAN environment? Can you share likes, dislikes, regrets, endorsements, 
horror stories, tales of success, etc?


(Any vendor reps lurking- no, I'm not open to hearing about other RADIUS 
solutions. Please, no calls or emails)


Kind regards-

Lee Badman | CWNE #200 | Network Architect

Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu


