Re: [WIRELESS-LAN] [External] [WIRELESS-LAN] securew2 and all the devices that don't support it.

[Walter Reynolds]

We do similar to those above. We user a modified version of Packet Fence
for registration of MAC devices.  SecureW2 for 1x devices and freeradius
for radius.  We have a SSID that is specifically for being able to set up
devices, both 802.1x and MAC based auth. The SSID is an open network that
will redirect users to a set up page - https://msetup.its.umich.edu/

This setup page gives you two options.  One for 1x devices that routes you
to the SecureW2 onboarding page.  The second is listed as other devices
with a few examples.  That redirects you to a page where it simply asks for
the MAC address of the device and for you to name it.  This page is
authenticated so the devices are automatically registered to the user.
They are also able to manage their devices (either renew or unregister)



Walter Reynolds
Network Architect
Information and Technology Services
University of Michigan
(734) 615-9438


On Wed, May 27, 2020 at 1:20 AM Norton, Thomas (Network Operations) <
tnort...@liberty.edu> wrote:

> Hi there,
>
> We utilize securew2 for onboarding inline with clearpass as our NAC, and
> will soon integrate securew2 as our primary CA for EAP-TLS across campus.
> For all other devices that don’t support 802.1x, we utilize Mac auth and a
> custom portal we built in house using the clearpass guest api for device
> registration that integrates with the cppm guest database. We’re actually
> building upon it to add operator logins for departmental device management.
> Feel free to reach out direct, we’re very happy with both products.
>
> Get Outlook for iOS 
> --
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Klingaman, Ryan <
> rklinga...@carroll.edu>
> *Sent:* Tuesday, May 26, 2020 6:15:24 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Subject:* [External] [WIRELESS-LAN] securew2 and all the devices that
> don't support it.
>
> --
>
> [ EXTERNAL EMAIL: Do not click any links or open attachments unless you
> know the sender and trust the content. ]
> --
> I have been a long time user of Ruckus and Cloudpath and have been looking
> into Aruba and Clearpass lately. I see from this list that there are a few
> colleges that use securew2 in place of something like Clearpass or
> Cloudpath.
>
> My question is for those that use it, what is your solution for the gaming
> consoles, media players, virtual assistants, etc.?
>
> Do you only support hardwired on those devices (if they support that
> option)?
>
> Do you have a custom solution tied into the API of the wireless Vendor?
>
> Do you use two solutions such as Clearpass and Securew2?
>
> Thanks,
>
> Ryan
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> 
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [External] [WIRELESS-LAN] securew2 and all the devices that don't support it.

[Norton, Thomas (Network Operations)]

Hi there,

We utilize securew2 for onboarding inline with clearpass as our NAC, and will 
soon integrate securew2 as our primary CA for EAP-TLS across campus.
For all other devices that don’t support 802.1x, we utilize Mac auth and a 
custom portal we built in house using the clearpass guest api for device 
registration that integrates with the cppm guest database. We’re actually 
building upon it to add operator logins for departmental device management. 
Feel free to reach out direct, we’re very happy with both products.

Get Outlook for iOS

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Klingaman, Ryan 

Sent: Tuesday, May 26, 2020 6:15:24 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: [External] [WIRELESS-LAN] securew2 and all the devices that don't 
support it.



[ EXTERNAL EMAIL: Do not click any links or open attachments unless you know 
the sender and trust the content. ]


I have been a long time user of Ruckus and Cloudpath and have been looking into 
Aruba and Clearpass lately. I see from this list that there are a few colleges 
that use securew2 in place of something like Clearpass or Cloudpath.

My question is for those that use it, what is your solution for the gaming 
consoles, media players, virtual assistants, etc.?

Do you only support hardwired on those devices (if they support that option)?

Do you have a custom solution tied into the API of the wireless Vendor?

Do you use two solutions such as Clearpass and Securew2?

Thanks,

Ryan

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] securew2 and all the devices that don't support it.

[Curtis K. Larsen]

We use Cloudpath, and ISE.  For the non WPA2-Enterprise devices, or even some 
that are unusually painful to setup - we send them to Cloudpath to register the 
MAC address, then Cloudpath sends an API call with the MAC, user account, and a 
dynamically generated PSK to an interim Linux box which sends it to ISE.  The 
interim Linux box is only there because Cloudpath originally did not accept API 
calls back from ISE (maybe it does now?) confirming the device had been 
registered, and because we found no direct way to generate iPSKs in ISE.

We then have the Cisco WLC configured for i-PSK against ISE for the non 
WPA2-Enterprise WLAN.  There is also an i-PSK Manager out there that I intend 
to play with at some point:  
https://community.cisco.com/t5/security-documents/ipsk-identity-pre-shared-key-manager-portal-server-for-ise/ta-p/3904265

Good luck.


Thanks,

Curtis
[https://kxiwq67737.i.lithium.com/t5/image/serverpage/image-id/47654iB50DFA4030D5D0F9?v=1.0]
iPSK (Identity Pre-Shared-Key) Manager ... - Cisco 
Community
Introduction PSK (Pre-Shared-Key) WLAN is widely used for consumer & enterprise 
IoT onboarding as most of IoT device doesn’t support 802.1X. While PSK WLAN 
provides easy way to onboard IoT, it also introduces challenge as it doesn’t 
provide security that many enterprise requires due to limitation o...
community.cisco.com



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Klingaman, Ryan 

Sent: Tuesday, May 26, 2020 4:15 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: [WIRELESS-LAN] securew2 and all the devices that don't support it.

I have been a long time user of Ruckus and Cloudpath and have been looking into 
Aruba and Clearpass lately. I see from this list that there are a few colleges 
that use securew2 in place of something like Clearpass or Cloudpath.

My question is for those that use it, what is your solution for the gaming 
consoles, media players, virtual assistants, etc.?

Do you only support hardwired on those devices (if they support that option)?

Do you have a custom solution tied into the API of the wireless Vendor?

Do you use two solutions such as Clearpass and Securew2?

Thanks,

Ryan

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

securew2 and all the devices that don't support it.

[Klingaman, Ryan]

I have been a long time user of Ruckus and Cloudpath and have been looking
into Aruba and Clearpass lately. I see from this list that there are a few
colleges that use securew2 in place of something like Clearpass or
Cloudpath.

My question is for those that use it, what is your solution for the gaming
consoles, media players, virtual assistants, etc.?

Do you only support hardwired on those devices (if they support that
option)?

Do you have a custom solution tied into the API of the wireless Vendor?

Do you use two solutions such as Clearpass and Securew2?

Thanks,

Ryan

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community