RE: [WIRELESS-LAN] EAP-TLS

2017-08-11 Thread Lee H Badman
Well said, Jeff. We (as probably a lot of other schools as well) struggle with security versus ease of use/overhead, and one question that often gets forgotten about is: what are we really gaining here - like really? The answer will vary across schools, but it’s an important question. Lee

Re: [WIRELESS-LAN] EAP-TLS

2017-08-11 Thread Jeffrey D. Sessler
I would do a cost/benefit/risk assessment. IMHO, some of the claimed benefits to EAP-TLS over EAP-PEAP may not hold up under objective analysis especially when you factor in the added cost to implement/maintain vs the actual risk (or perceived benefit). Just off the top of my head: Use of

RE: [WIRELESS-LAN] EAP-TLS

2017-08-11 Thread Chuck Enfield
Sorry if somebody already replied with those. I haven't been following the thread, but when Bruce and Lee both make approving comments in response to a post I take notice.

Wired authentication

2017-08-11 Thread Bucklaew, Jerry
Bruce, I changed the title to wired authentication so as not to derail my other thread. We wanted to make sure we did not have any unauthenticated ports, so that is why we overlaid mac auth and 802.1x. Our users can always just register and do mac auth if they can’t figure it out, but all

RE: [WIRELESS-LAN] EAP-TLS

2017-08-11 Thread Chuck Enfield
For certain types of devices (lab and loaner laptops, for example) there is support value in having network connectivity without the need for a user to log on. EAP-TLS is the only enterprise auth method supported for some IoT devices. We have quite a few door locks in this category.

RE: [WIRELESS-LAN] EAP-TLS

2017-08-11 Thread Bucklaew, Jerry
To ALL: I am going to amend my initial request to "does anyone have any other reasons to switch to EAP-TLS besides the ones I list below"? I am trying to build a case for switching and want to gather all the benefits.

RE: [WIRELESS-LAN] EAP-TLS

2017-08-11 Thread Lee H Badman
Great input, thanks!

RE: EAP-TLS

2017-08-11 Thread Osborne, Bruce W (Network Operations)
Jerry, I find some of your comments interesting. We have many things in common. We are also an Aruba wireless / ClearPass customer using PEAP-MSCHAPv2 & MAC Auth. Although we initially designed for full Cisco wired 802.1X we have been running a strange Cisco config that uses it somewhat but