Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] WLAN onboarding

[Norman Elton]

We are SecureW2 for EAP-TLS. In addition to working well, and handling the
recent Android changes fairly well, I’ll commend their excellent support
staff. They are always quick to respond and extremely knowledgeable about
all things CA related.

A word to those looking to go EAP-TLS, whether securew2 or not ... you have
to make lots of important decisions up front (particularly around your CA
structure) and then live with them, basically, forever. Talk to a number of
other institutions about how they’ve named & labeled things before
beginning to onboard users.

Norman Elton
William & Mary

On Wed, Apr 7, 2021 at 2:55 PM Adam T. Ferrero  wrote:

>
>
>   I love the geteduroam app!  It is awesome, easy, pretty, and simple.  We
> are planning to leverage it for more of our onboarding.
>
>
>
>   We are open SSID with Aruba Clearpass captive portal, SMS texted
> credentials for self service guests (via Twilio), and switch to WPA2
> enterprise for actual internet access.  We’d been using Aruba OS specific
> landing pages to feed their Quick Connect tool to onboard.  Aruba is
> encouraging Onboard rather than Quick Connect but that comes with license
> fees.  With Android 11 changes and a desired to deprecate our PEAP/MSCHAP
> we’ve been spending time here.
>
>
>
>   Still a work in progress but geteduroam app is a win!  Nice work to that
> team!
>
>
>
>   Adam
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Philippe Hanset
> *Sent:* Wednesday, April 7, 2021 10:55 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [External] Re: [WIRELESS-LAN] WLAN onboarding
>
>
>
> Lee,
>
>
>
> Based on your timeframe you might also want to consider the new
> development that is done in Europe called “geteduroam”.
>
> https://www.geteduroam.app
>
> It is App based and will feed from CAT but it is based on EAP-TLS or on
> EAP-TTLS/PEAP if preferred.
>
>
>
> So you could start with CAT  and username/password (CAT allows you to
> provision eduroam and other SSIDs as well) and evolve later to EAP-TLS.
>
>
>
> Philippe
>
>
>
>
>
> Philippe Hanset, CEO
> www.anyroam.net
> Operator of eduroam-US
> +1 (865) 236-0770
>
>
>
>
>
>
>
> On Apr 7, 2021, at 10:05 AM, Lee H Badman <
> 00db5b77bd95-dmarc-requ...@listserv.educause.edu> wrote:
>
>
>
> Hello everyone, hope your semesters are going along smoothly and that you
> are all staying healthy. As always- this message is not an invite for
> vendors to contact me.
>
>
>
> Looking out down our short timeline, we need to make a number of decisions
> about various aspects of our WLAN operations. One of these decision points
> is if/how to do the 802.1X onboarding after our current solution goes End
> of Everything at year’s end. To that end, I’m looking for any and all
> feedback on these questions:
>
> - If you are using PEAP/MS-CHAP v2, what is your onboarder of choice (even
> if none, with manual config as methodology)?
>
> -If you are doing PEAP-TLS, what is your onboarder of choice?
>
> -Have you recently piloted any onboarders that you just hate for any
> reason?
>
> -For those using eduroam as your 802.1X environment, have you found the
> free configuration tool to be reliable? Any downsides to using it at scale?
>
>
>
> Interested in 3rd party, native, whatever.
>
>
>
> Thanks as always,
>
>
>
> Lee Badman
>
>
>
> *Lee Badman* | Network Architect (CWNE#200)
>
> Information Technology Services
> (NDD Group)
> 206 Machinery Hall
> 120 Smith Drive
> <https://www.google.com/maps/search/120+Smith+Drive+%0D%0ASyracuse,+New+York+13244?entry=gmail=g>
> Syracuse, New York 13244
> <https://www.google.com/maps/search/120+Smith+Drive+%0D%0ASyracuse,+New+York+13244?entry=gmail=g>
>
> *t* 315.443.3003  * e* lhbad...@syr.edu *w* its.syr.edu
>
> Campus Wireless Policy:
> https://answers.syr.edu/display/network/Wireless+Network+and+Systems
>
> *SYRACUSE UNIVERSITY*
> syr.edu
>
>
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>
>
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Addition

RE: [External] Re: [WIRELESS-LAN] WLAN onboarding

[Adam T. Ferrero]

  I love the geteduroam app!  It is awesome, easy, pretty, and simple.  We are 
planning to leverage it for more of our onboarding.

  We are open SSID with Aruba Clearpass captive portal, SMS texted credentials 
for self service guests (via Twilio), and switch to WPA2 enterprise for actual 
internet access.  We’d been using Aruba OS specific landing pages to feed their 
Quick Connect tool to onboard.  Aruba is encouraging Onboard rather than Quick 
Connect but that comes with license fees.  With Android 11 changes and a 
desired to deprecate our PEAP/MSCHAP we’ve been spending time here.

  Still a work in progress but geteduroam app is a win!  Nice work to that team!

  Adam

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Philippe Hanset
Sent: Wednesday, April 7, 2021 10:55 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [External] Re: [WIRELESS-LAN] WLAN onboarding

Lee,

Based on your timeframe you might also want to consider the new development 
that is done in Europe called “geteduroam”.
https://www.geteduroam.app
It is App based and will feed from CAT but it is based on EAP-TLS or on 
EAP-TTLS/PEAP if preferred.

So you could start with CAT  and username/password (CAT allows you to provision 
eduroam and other SSIDs as well) and evolve later to EAP-TLS.

Philippe


Philippe Hanset, CEO
www.anyroam.net<http://www.anyroam.net>
Operator of eduroam-US
+1 (865) 236-0770






On Apr 7, 2021, at 10:05 AM, Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu<mailto:00db5b77bd95-dmarc-requ...@listserv.educause.edu>>
 wrote:

Hello everyone, hope your semesters are going along smoothly and that you are 
all staying healthy. As always- this message is not an invite for vendors to 
contact me.

Looking out down our short timeline, we need to make a number of decisions 
about various aspects of our WLAN operations. One of these decision points is 
if/how to do the 802.1X onboarding after our current solution goes End of 
Everything at year’s end. To that end, I’m looking for any and all feedback on 
these questions:

- If you are using PEAP/MS-CHAP v2, what is your onboarder of choice (even if 
none, with manual config as methodology)?
-If you are doing PEAP-TLS, what is your onboarder of choice?
-Have you recently piloted any onboarders that you just hate for any reason?
-For those using eduroam as your 802.1X environment, have you found the free 
configuration tool to be reliable? Any downsides to using it at scale?

Interested in 3rd party, native, whatever.

Thanks as always,

Lee Badman

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu<http://its.syr.edu>
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu<http://syr.edu>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] WLAN onboarding

[Lee H Badman]

Thanks much, Curtis. And everyone responding.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Curtis K. Larsen
Sent: Wednesday, April 7, 2021 11:56 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WLAN onboarding

Hi Lee,

We have used the Cloudpath Enrollment System (Ruckus now) since it's release 
(2009?) for EAP-TLS onboarding, and they added PEAP capabilities a few years 
back.  I think it has been very versatile and amazingly simple to maintain.  
The only drawbacks have been a lag of a few weeks sometimes (rarely but it has 
happened) when an OS changes their supplicant, and Windows flagged their exe as 
a virus twice over a ten year period (luckily a manual cert download could 
bypass that).  We looked at secureW2 about a year ago, and in my opinion it is 
the best in the space (probably doesn't get flagged as a virus, haha), but the 
cost was many, many times more than Cloudpath for our large campus and hospital 
org.  We have also been able to use Cloudpath not just for 802.1X onboarding, 
but also to send i-PSK registrations to Cisco ISE on our IoT SSID.  Let me know 
if you'd like to see how we use it sometime.

Thanks,

--
Curtis K. Larsen
Wireless Network Engineer III
The University of Utah

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu<mailto:00db5b77bd95-dmarc-requ...@listserv.educause.edu>>
Sent: Wednesday, April 7, 2021 9:30 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] WLAN onboarding

Thanks, Philippe. I didn’t realize CAT would accommodate non-eduroam SSIDs. 
That’s huge.
Lee Badman (mobile)


On Apr 7, 2021, at 10:55 AM, Philippe Hanset 
<005cd62f91b7-dmarc-requ...@listserv.educause.edu<mailto:005cd62f91b7-dmarc-requ...@listserv.educause.edu>>
 wrote:
 Lee,

Based on your timeframe you might also want to consider the new development 
that is done in Europe called “geteduroam”.
https://www.geteduroam.app
It is App based and will feed from CAT but it is based on EAP-TLS or on 
EAP-TTLS/PEAP if preferred.

So you could start with CAT  and username/password (CAT allows you to provision 
eduroam and other SSIDs as well) and evolve later to EAP-TLS.

Philippe


Philippe Hanset, CEO
www.anyroam.net<http://www.anyroam.net>
Operator of eduroam-US
+1 (865) 236-0770






On Apr 7, 2021, at 10:05 AM, Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu<mailto:00db5b77bd95-dmarc-requ...@listserv.educause.edu>>
 wrote:


Hello everyone, hope your semesters are going along smoothly and that you are 
all staying healthy. As always- this message is not an invite for vendors to 
contact me.



Looking out down our short timeline, we need to make a number of decisions 
about various aspects of our WLAN operations. One of these decision points is 
if/how to do the 802.1X onboarding after our current solution goes End of 
Everything at year’s end. To that end, I’m looking for any and all feedback on 
these questions:

- If you are using PEAP/MS-CHAP v2, what is your onboarder of choice (even if 
none, with manual config as methodology)?

-If you are doing PEAP-TLS, what is your onboarder of choice?

-Have you recently piloted any onboarders that you just hate for any reason?

-For those using eduroam as your 802.1X environment, have you found the free 
configuration tool to be reliable? Any downsides to using it at scale?



Interested in 3rd party, native, whatever.



Thanks as always,



Lee Badman



Lee Badman | Network Architect (CWNE#200)

Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244

t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu<http://its.syr.edu>

Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems

SYRACUSE UNIVERSITY
syr.edu<http://syr.edu>


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only

Re: [WIRELESS-LAN] WLAN onboarding

[Curtis K. Larsen]

Hi Lee,

We have used the Cloudpath Enrollment System (Ruckus now) since it's release 
(2009?) for EAP-TLS onboarding, and they added PEAP capabilities a few years 
back.  I think it has been very versatile and amazingly simple to maintain.  
The only drawbacks have been a lag of a few weeks sometimes (rarely but it has 
happened) when an OS changes their supplicant, and Windows flagged their exe as 
a virus twice over a ten year period (luckily a manual cert download could 
bypass that).  We looked at secureW2 about a year ago, and in my opinion it is 
the best in the space (probably doesn't get flagged as a virus, haha), but the 
cost was many, many times more than Cloudpath for our large campus and hospital 
org.  We have also been able to use Cloudpath not just for 802.1X onboarding, 
but also to send i-PSK registrations to Cisco ISE on our IoT SSID.  Let me know 
if you'd like to see how we use it sometime.

Thanks,


--
Curtis K. Larsen
Wireless Network Engineer III
The University of Utah


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu>
Sent: Wednesday, April 7, 2021 9:30 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] WLAN onboarding

Thanks, Philippe. I didn’t realize CAT would accommodate non-eduroam SSIDs. 
That’s huge.

Lee Badman (mobile)

On Apr 7, 2021, at 10:55 AM, Philippe Hanset 
<005cd62f91b7-dmarc-requ...@listserv.educause.edu> wrote:

 Lee,

Based on your timeframe you might also want to consider the new development 
that is done in Europe called “geteduroam”.
https://www.geteduroam.app
It is App based and will feed from CAT but it is based on EAP-TLS or on 
EAP-TTLS/PEAP if preferred.

So you could start with CAT  and username/password (CAT allows you to provision 
eduroam and other SSIDs as well) and evolve later to EAP-TLS.

Philippe


Philippe Hanset, CEO
www.anyroam.net<http://www.anyroam.net>
Operator of eduroam-US
+1 (865) 236-0770






On Apr 7, 2021, at 10:05 AM, Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu<mailto:00db5b77bd95-dmarc-requ...@listserv.educause.edu>>
 wrote:


Hello everyone, hope your semesters are going along smoothly and that you are 
all staying healthy. As always- this message is not an invite for vendors to 
contact me.



Looking out down our short timeline, we need to make a number of decisions 
about various aspects of our WLAN operations. One of these decision points is 
if/how to do the 802.1X onboarding after our current solution goes End of 
Everything at year’s end. To that end, I’m looking for any and all feedback on 
these questions:

- If you are using PEAP/MS-CHAP v2, what is your onboarder of choice (even if 
none, with manual config as methodology)?

-If you are doing PEAP-TLS, what is your onboarder of choice?

-Have you recently piloted any onboarders that you just hate for any reason?

-For those using eduroam as your 802.1X environment, have you found the free 
configuration tool to be reliable? Any downsides to using it at scale?



Interested in 3rd party, native, whatever.



Thanks as always,



Lee Badman



Lee Badman | Network Architect (CWNE#200)

Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244

t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu<http://its.syr.edu>

Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems

SYRACUSE UNIVERSITY
syr.edu<http://syr.edu>



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] WLAN onboarding

[Lee H Badman]

Thanks, Philippe. I didn’t realize CAT would accommodate non-eduroam SSIDs. 
That’s huge.

Lee Badman (mobile)

On Apr 7, 2021, at 10:55 AM, Philippe Hanset 
<005cd62f91b7-dmarc-requ...@listserv.educause.edu> wrote:

 Lee,

Based on your timeframe you might also want to consider the new development 
that is done in Europe called “geteduroam”.
https://www.geteduroam.app
It is App based and will feed from CAT but it is based on EAP-TLS or on 
EAP-TTLS/PEAP if preferred.

So you could start with CAT  and username/password (CAT allows you to provision 
eduroam and other SSIDs as well) and evolve later to EAP-TLS.

Philippe


Philippe Hanset, CEO
www.anyroam.net
Operator of eduroam-US
+1 (865) 236-0770






On Apr 7, 2021, at 10:05 AM, Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu>
 wrote:

Hello everyone, hope your semesters are going along smoothly and that you are 
all staying healthy. As always- this message is not an invite for vendors to 
contact me.

Looking out down our short timeline, we need to make a number of decisions 
about various aspects of our WLAN operations. One of these decision points is 
if/how to do the 802.1X onboarding after our current solution goes End of 
Everything at year’s end. To that end, I’m looking for any and all feedback on 
these questions:

- If you are using PEAP/MS-CHAP v2, what is your onboarder of choice (even if 
none, with manual config as methodology)?
-If you are doing PEAP-TLS, what is your onboarder of choice?
-Have you recently piloted any onboarders that you just hate for any reason?
-For those using eduroam as your 802.1X environment, have you found the free 
configuration tool to be reliable? Any downsides to using it at scale?

Interested in 3rd party, native, whatever.

Thanks as always,

Lee Badman

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w 
its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] WLAN onboarding

[Philippe Hanset]

Lee,

Based on your timeframe you might also want to consider the new development 
that is done in Europe called “geteduroam”.
https://www.geteduroam.app
It is App based and will feed from CAT but it is based on EAP-TLS or on 
EAP-TTLS/PEAP if preferred.

So you could start with CAT  and username/password (CAT allows you to provision 
eduroam and other SSIDs as well) and evolve later to EAP-TLS.

Philippe


Philippe Hanset, CEO
www.anyroam.net
Operator of eduroam-US
+1 (865) 236-0770






> On Apr 7, 2021, at 10:05 AM, Lee H Badman 
> <00db5b77bd95-dmarc-requ...@listserv.educause.edu> wrote:
> 
> Hello everyone, hope your semesters are going along smoothly and that you are 
> all staying healthy. As always- this message is not an invite for vendors to 
> contact me.
>  
> Looking out down our short timeline, we need to make a number of decisions 
> about various aspects of our WLAN operations. One of these decision points is 
> if/how to do the 802.1X onboarding after our current solution goes End of 
> Everything at year’s end. To that end, I’m looking for any and all feedback 
> on these questions:
> 
> - If you are using PEAP/MS-CHAP v2, what is your onboarder of choice (even if 
> none, with manual config as methodology)?
> -If you are doing PEAP-TLS, what is your onboarder of choice?
> -Have you recently piloted any onboarders that you just hate for any reason?
> -For those using eduroam as your 802.1X environment, have you found the free 
> configuration tool to be reliable? Any downsides to using it at scale?
>  
> Interested in 3rd party, native, whatever.
>  
> Thanks as always,
>  
> Lee Badman
>  
> Lee Badman | Network Architect (CWNE#200)
> 
> Information Technology Services
> (NDD Group)
> 206 Machinery Hall
> 120 Smith Drive
> Syracuse, New York 13244
> 
> t 315.443.3003   e lhbad...@syr.edu  w its.syr.edu
> Campus Wireless Policy: 
> https://answers.syr.edu/display/network/Wireless+Network+and+Systems 
> 
> SYRACUSE UNIVERSITY
> syr.edu
> 
>  
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire community 
> list. If you want to reply only to the person who sent the message, copy and 
> paste their email address and forward the email reply. Additional 
> participation and subscription information can be found at 
> https://www.educause.edu/community 

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] WLAN onboarding

[Felix Windt]

At Dartmouth, we use the free eduroam tool to onboard our PEAP/MS-CHAPv2 
eduroam SSID, which is our only 802.1x WLAN. It works really well for us. 
Occasionally I argue for switching to EAP-TLS, at that point we’d switch to a 
tool that does the certificate provisioning.

thx,
felix

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu>
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 

Date: Wednesday, April 7, 2021 at 10:05 AM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: [WIRELESS-LAN] WLAN onboarding

Hello everyone, hope your semesters are going along smoothly and that you are 
all staying healthy. As always- this message is not an invite for vendors to 
contact me.

Looking out down our short timeline, we need to make a number of decisions 
about various aspects of our WLAN operations. One of these decision points is 
if/how to do the 802.1X onboarding after our current solution goes End of 
Everything at year’s end. To that end, I’m looking for any and all feedback on 
these questions:

- If you are using PEAP/MS-CHAP v2, what is your onboarder of choice (even if 
none, with manual config as methodology)?
-If you are doing PEAP-TLS, what is your onboarder of choice?
-Have you recently piloted any onboarders that you just hate for any reason?
-For those using eduroam as your 802.1X environment, have you found the free 
configuration tool to be reliable? Any downsides to using it at scale?

Interested in 3rd party, native, whatever.

Thanks as always,

Lee Badman

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community