I would not suggest WPA/WPA2 mixed mode. We've found that older Macs that don't
support WPA2 would not work with mixed mode either. Windows boxes mostly worked
fine with mixed mode, but if the hardware only supported WPA, then WZC would try
to use WPA/AES (a valid but mostly unsupported option). You could force it to
use WPA/TKIP but if you ever connect/reconnect it would revert to WPA/AES.
I don't have a whole lot of experience with the VPN side of things. It probably
wouldn't work well for guest users and depends a lot on the client. We use the
Cisco VPN client and it is very poor over wireless. We would notice that if
there are any wireless issues at all the VPN client would disconnect, while TCP
applications that were not using the VPN would continue to work fine. I've heard
other VPN vendors (maybe Nortel) have much more stable clients, to the point
that some of them will let you change IP addresses underneath the connection
without losing any sessions.
--David
UT Austin
Phone:
512-475-9299(w)
512-775-8033(c)
Public Key at : http://webspace.utexas.edu/~spindler/pubkey.txt
On Fri, 22 Sep 2006, Crawford, Tim M. wrote:
We're doing something a little different from the main Stanford campus.
The main campus APs do not use encryption. However, we're currently
using WEP. We're in the process of looking at the alternatives too (WPA
vs. VPN). The main campus is looking to require VPN whenever secure
communications are required...but not requiring VPN by default for AP
access.
Here at the Stanford Graduate School of Business, we're looking to move
from WEP to WPA. There are really two arguments that come to mind...and
they're from the user experience perspective.
Argument for WPA:
Regardless if you use a laptop with wired connection in your office vs.
wireless, the experience is the same. If you're off campus, the
experience is completely different. This appears to be a more widely
acceptable solution in terms of how users think of the experience
relationships (on campus/ off campus, wired/ wireless).
Argument for VPN:
Regardless if you are on campus or off campus, the experience to access
applications is identical. However, this creates a different experience
for users between wired and wireless connections...even in their office.
This also seems to be a more challenging experience for users to keep
track of.
I'm sure others may have other recommendations.
Regards,
Tim
______________________________________
Tim M. Crawford
Associate Director, IT Operations
Stanford Graduate School of Business
650.724.2447
[EMAIL PROTECTED]
-----Original Message-----
From: Robinson, Ronald [mailto:[EMAIL PROTECTED]
Sent: Friday, September 22, 2006 12:00 PM
To: [email protected]
Subject: [WIRELESS-LAN] WPA or VPN
We are in the process of re-evaluating the security on our wireless
network. Currently we support Dynamic WEP/802.1x and WPA with PEAP
authentication. What I would like to know from this group is the pros
and cons to using WPA/2 or VPN, especially with regards to end user
support and, if you are migrating from one to the other, your reasons
for doing so.
------------------------------------------------------
Ron Robinson, Network Architect, Bradley University
1501 West Bradley Ave. | E-Mail: [EMAIL PROTECTED]
Morgan Hall Room 205F | Phone: (309) 677-3350
Peoria, Illinois 61625 | FAX: (309) 677-3460
**********
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.