I’m also doing unmanned EAP-PEAP (yes, I know all the security reasons against
this). If I don’t use a public signed CA, will BYOD devices be able to connect via
EAP-PEAP with that private cert?
Trent Hurt
University of Louisville
From: The EDUCAUSE Wireless

You are likely totally hosed. In fact, you should consider abandoning public
CAs entirely when you redo this. Throughout the years, I've counseled a lot
of schools about TLS deployments, and I cautioned strongly against using public
CAs for this exact reason. You have no control, and your

Hi there,
We utilize SecureW2 for onboarding in line with ClearPass as our NAC, and will
soon integrate SecureW2 as our primary CA for EAP-TLS across campus.
For all other devices that don’t support 802.1X, we utilize MAC auth and a
custom portal we built in-house using the ClearPass guest API

We use Cloudpath and ISE. For the non-WPA2-Enterprise devices, or even some
that are unusually painful to set up, we send them to Cloudpath to register the
MAC address, then Cloudpath sends an API call with the MAC, user account, and a
dynamically generated PSK to an interim Linux box which

I have been a long-time user of Ruckus and Cloudpath and have been looking
into Aruba and ClearPass lately. I see from this list that there are a few
colleges that use SecureW2 in place of something like ClearPass or
Cloudpath.
My question is for those that use it: what is your solution for the

I have both EAP-PEAP and EAP-TLS set up and working. My RADIUS server cert is
going to expire soon. I have received a new one from a public CA. It works fine
for EAP-PEAP clients. But for my existing EAP-TLS clients, they all fail auth
when I switch to this new updated rad cert. I see that my