RE: PEAP vs TLS

2018-02-27 Thread Jason Cook


- Support 802.1x? -
Yes

- use EAP-PEAP on campus? -
Yes

- use EAP-TLS on campus? –
Yes

- What PKI/CA do you use: -

- If both, why and is one preferred? -
We’ve always had EAP-PEAP since 2006 when we first started. We used Cloudpath 
Wizard a few years later to help configure clients, and migrated to Cloudpath 
Enrolment System when it came out and use EAP-TLS.
We don’t force EAP-TLS, but essentially push all users requiring support to 
Cloudpath and EAP-TLS.
EAP-PEAP remains available, we may consider turning it off in the future but 
there’s other fish to fry. TLS is organically growing pretty well.

If you want EAP-TLS, Cloudpath has been great; many people love SecureW2. Check 
them both out.

Brief description of why you’re doing what you’re doing and anything else that 
might be helpful:

Fewer lockouts from client devices are a great bonus at password change time. 
Also if an AD lockout occurs (for any reason), an EAP-TLS configured device 
still gets authenticated and has wifi access.

Have generally found that many clients are happier on EAP-TLS. After reports of 
stability issues, investigating RF and no real problems. EAP-TLS and users 
claim things are better.

--
Jason Cook
Information Technology and Digital Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

CRICOS Provider Number 00123M


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of David Morton
Sent: Saturday, 24 February 2018 3:29 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] PEAP vs TLS

We currently use EAP-PEAP for our eduroam/802.1x, but are now considering 
adding EAP-TLS to the mix. We have several potential PKIs that we could use, 
but all of them will take some work to get them ready for a production launch. 
Given that resources are limited, I’m looking for some data points about others 
who have moved, are thinking of moving or have decided not to adopt EAP-TLS.

To help gather some data can you please answer this short survey?

Do you:

- Support 802.1x? -

If yes, do you:

- use EAP-PEAP on campus? -

- use EAP-TLS on campus? -
- What PKI/CA do you use: -

- If both, why and is one preferred? -

- If only PEAP, are you planning EAP-TLS? -

Brief description of why you’re doing what you’re doing and anything else that 
might be helpful:



Thank you in advance


David



David Morton
Director, Networks & Telecommunications
Services: Wi-Fi, Wired, Telephony, Mobile & HuskyTV
University of Washington
dmor...@uw.edu
tel 206.221.7814

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.




Re: PEAP vs TLS

2018-02-27 Thread Eriks Rugelis
>Do you:
>- Support 802.1x? - 
Yes.

>If yes, do you:
>- use EAP-PEAP on campus? - 
Yes.

>- use EAP-TLS on campus? - 
No.

>- What PKI/CA do you use: - 
GlobalSign.

>- If only PEAP, are you planning EAP-TLS? - 
No.

When 802.1x was launched here, PEAP was the lowest common denominator for 
machine-based authentication across the fleet of BYOD clients.  PEAP continues 
to be deemed 'good enough' for our needs.  A project proposal to deploy EAP-TLS 
continues to be difficult to justify resource allocations to proceed vs. other 
service improvements and operational fires.
