Re: [WIRELESS-LAN] InCommon certificate trust chain issues with upgraded Windows Systems

2019-09-16 Thread Cappalli, Tim (Aruba Security)
An EAP server certificate from a PKI in your control is always the recommended path. A public CA-signed EAP server certificate should be a last resort. tim From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of "McClintic, Thomas" Reply-To: The EDUCAUSE Wireless Issues

Re: [WIRELESS-LAN] Feasibility of an open SSID for student use

2019-09-13 Thread Cappalli, Tim (Aruba Security)
Just a clarification. Android 10 generates a MAC address per ESSID for the lifetime of the OS instance. It does not change daily. From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Felix Windt Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv Date:

Re: [WIRELESS-LAN] Onboarding Android devices

2018-08-07 Thread Cappalli, Tim (Aruba Security)
PEAP is not standardized and was not designed to be used outside a Windows AD-joined, GPO controlled environment. I'm hoping Google's changes (very welcome IMO) and continued restrictions on Apple platforms will steer people away from legacy, deprecated protocols/EAP methods. tim On

Re: [WIRELESS-LAN] Issues with Windows 10

2018-07-31 Thread Cappalli, Tim (Aruba Security)
nd equally secure to a supplicant utility, so we also support that avenue for configuration. However, if you don't have a public-CA-signed certificate, they display the words "Not Trusted" in red bold letters during the certificate verification process. On Tue, Jul 31, 2018 at 5:30 PM

Re: [WIRELESS-LAN] Issues with Windows 10

2018-07-31 Thread Cappalli, Tim (Aruba Security)
Just curious, for those running a supplicant configuration utility, why are you using a public CA-signed EAP server certificate? On 7/31/18, 4:21 PM, "The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Charles Rumford" wrote: On 07/31/2018 04:18 PM, Michael Dickson

Re: [WIRELESS-LAN] Aruba Clearpass Guest Portal

2018-06-04 Thread Cappalli, Tim (Aruba Security)
Feel free to unicast me any questions as well. tim TIM CAPPALLI | Aruba Security On 6/4/18, 3:46 PM, "The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Kenny, Eric" wrote: Hi Patrick, We are using the guest portal for self-registered and sponsored guest

Re: [WIRELESS-LAN] ClearPass - not so clear anymore

2018-04-04 Thread Cappalli, Tim (Aruba Security)
Hector, Something definitely seems amiss then. I’ll take a look at the case. A maximum of 1 access license is consumed per MAC address, regardless of multiple sessions or lack of accounting stop. Thanks for the followup. tim From: The EDUCAUSE Wireless Issues Constituent Group Listserv

Re: [WIRELESS-LAN] ClearPass - not so clear anymore

2018-04-03 Thread Cappalli, Tim (Aruba Security)
learPass - not so clear anymore Authentication might not stop, but what about access to the UI or the ability to make config changes? -H From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Cappalli, Tim (Aruba Security) Sent: T

Re: [WIRELESS-LAN] ClearPass - not so clear anymore

2018-04-03 Thread Cappalli, Tim (Aruba Security)
Hector, During a roam event where a new session is created, a stop should also be generated by the NAD, so this should be a non-issue. Also, as of 6.7.2, TACACS+ does not directly consume any access licenses (as long as you have at least 100 access licenses installed, TACACS+ usage is

Re: [WIRELESS-LAN] Amazon Fire Tablet Line - 802.1x Support Dropped?

2018-02-09 Thread Cappalli, Tim (Aruba Security)
Kind of makes sense though doesn’t it? Why would you want to allow a device unique private key to be used without requiring a device unlock? From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of "Turner, Ryan H"

Re: [WIRELESS-LAN] Wall plate AP and Coax line sharing box

2018-01-24 Thread Cappalli, Tim (Aruba Security)
For the Aruba AP-303H, there is now a bracket that allows for two keystone pass-through connectors on the bottom. AP-303H-MNTW (JY688A) On 1/23/18, 4:12 PM, "The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Richard Nedwich"

Re: [WIRELESS-LAN] IOS 11 problem with eap-mschapv2/peap authentication

2017-10-31 Thread Cappalli, Tim (Aruba Security)
Just curious. Why aren't you using the same EAP server certificate across all of your RADIUS servers? From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Linchuan Yang Reply-To: The EDUCAUSE Wireless

Re: [WIRELESS-LAN] Wi-Fi Request for University Conference event

2017-09-27 Thread Cappalli, Tim (Aruba Security)
What are you using for a AAA solution? ClearPass fully supports per-device PSK with Cisco WLCs with full self-registration. tim From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Jason Cook

Re: [WIRELESS-LAN] UT Austin Biennial Network Report

2017-09-27 Thread Cappalli, Tim (Aruba Security)
William – Very interested in this: >> The wireless “eduroam” service is not available at the university, or for >> university members at other institutions. Current interpretation of the laws >> and policies surrounding use of state resources is that eduroam use is >> prohibited on university

Re: [WIRELESS-LAN] UT Austin Biennial Network Report

2017-09-27 Thread Cappalli, Tim (Aruba Security)
William – Very interested in this: >> The wireless “eduroam” service is not available at the university, or for >> university members at other institutions. Current interpretation of the laws >> and policies surrounding use of state resources is that eduroam use is >> prohibited on

Re: [WIRELESS-LAN] Move In/Opening Week- Any Problems?

2017-08-27 Thread Cappalli, Tim (Aruba Security)
ClearPass will auto-generate an internal WebAuth request by default after a device registration. Create a service to accept this request and issue a disconnect message to the controller to force a reauthentication. See these screenshots for the service config, it’s very basic. You only need

Re: [WIRELESS-LAN] Android phones having strange issues

2017-08-23 Thread Cappalli, Tim (Aruba Security)
Aruba ClearPass Onboard also fully supports Android Oreo. On 8/22/17, 6:16 PM, "The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Richard Nedwich" wrote: Hi Bruce, Yes, our Wizard

Re: [WIRELESS-LAN] EAP-PEAP risk/benefit assessment

2017-07-25 Thread Cappalli, Tim (Aruba Security)
ireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Cappalli, Tim (Aruba Security) Sent: Wednesday, July 12, 2017 10:33 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] EAP-PEAP risk

Re: [WIRELESS-LAN] EAP-PEAP risk/benefit assessment

2017-07-12 Thread Cappalli, Tim (Aruba Security)
E Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Cappalli, Tim (Aruba Security) Sent: Wednesday, July 12, 2017 10:33 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] EAP-PEAP risk/benefit assessment I’m curious abou

Re: [WIRELESS-LAN] EAP-PEAP risk/benefit assessment

2017-07-12 Thread Cappalli, Tim (Aruba Security)
I’m curious about “…certs may give a false sense of security and identity”. Can you elaborate on that? Tim From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Thomas Carter Reply-To: The EDUCAUSE Wireless

Re: [WIRELESS-LAN] 802.1x expired certificate (Eduroam)

2017-07-04 Thread Cappalli, Tim (Aruba Security)
It really depends on how the supplicant is configured. If a configuration tool was used, it may have locked the supplicant to a specific cert and disallowed the user to approve exceptions. On 7/4/17, 11:34 AM, "The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Julian Y

Re: [WIRELESS-LAN] Eduroam adoption (and migration process)

2017-04-28 Thread Cappalli, Tim (Aruba Security)
Can you elaborate on this comment? “whereas with eduroam we were kind of locked-in to the PEAP model.” Eduroam is EAP agnostic. On 4/27/17, 10:57 PM, "The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Curtis K. Larsen"

Re: [WIRELESS-LAN] Multiple SSIDs, AirGroups, Consumer Devices and you...

2017-04-26 Thread Cappalli, Tim (Aruba Security)
Ben, You can put a user into a restricted headless “provisioning” role temporarily which would allow them to connect to your headless network and configure the device. We can write policy to check the device registration database to ensure that they actually have a registered headless device

Re: [WIRELESS-LAN] Shared iPads

2017-04-18 Thread Cappalli, Tim (Aruba Security)
Jason – Are the tablets managed by an MDM/EMM? From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of "Osborne, Bruce W (Network Operations)" Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv