RE: [WIRELESS-LAN] 802.1x vs. Bluesocket/Reefedge vs. VPN

[Leah Goldman]

Title: Message

Hello from Maryland...   We now use Vernier for authentication/security - originally we had users register the MAC address of the wireless card and then they would have access at anytime.  We deployed Vernier products at our Shady Grove site in October of 2002 and it has been running great ever since.  We turned Vernier on at College Park on August 1 2003.  We mainly wanted Vernier for breaking up the big VLAN and to retire the MAC registration process and provide single session authentication.  Since we have found GREAT uses for example - it was very easy to block the ports the last few weeks Viruses were using and keep infected users off the wireless network - through the use of port blocking and redirection we didn't have any problems on the wireless side   802.1x didn't seem like a fit at the time I looked at it   we broadcast our SSID,   we have over 270 access points deployed on campus and running through Vernier   we have a Cisco vpn solution for users that want to make use of it   we use Cisco access points     Leah Goldman University of Maryland http://wireless.umd.edu   301.405.4416     -----Original Message----- From: 802.11 wireless issues listserv [mailto:[EMAIL PROTECTED] On Behalf Of Dewitt Latimer Sent: Tuesday, August 26, 2003 6:31 AM To: [EMAIL PROTECTED] Subject: [WIRELESS-LAN] 802.1x vs. Bluesocket/Reefedge vs. VPN Okay:   we've seen some discussion on 802.1x usage (is there more out there?)  Some PEAP, some LEAP, and TLS seems to be out unless you have an existing PKI infrastructure (yeah, right).   We saw one mention of Bluesocket.  How many other schools are opting for WLAN edge treatment using Bluesocket or Reefedge products?  Are you happy with the performance?  Client issues?  Cost/value?   Then there's the tried & true firewall/VPN solution.  Client issues?  Do you permit your cloud to be open in private address space or do you control somehow control association with your APs  Do you pemit limited access to resources (without the benefit of the VPN session) to those services that have strong AuthN support (e.g. SSL enabled Webmail for instance)?   Finally -- how many schools have opted not to broadcast SSIDs?   come on folks -- the list is only as good as those who take time to contrubute meaningful dialogue.   -d     ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.