We use 802.1x using Windows IAS (RADIUS) server as the authentication device. Wireless clients use EAP-LTS for encryption and authentication. An Enterprise version of Microsoft Certificate Server issues the certificate and re-news automatically on most clients. Most of our students have Windows XP or Apple OS X 10.4, both clients work very well. We also have faculty which use Pocket PC using the same certificate based authentication/encryption. I had only one request for instructions on connecting via wireless from a Linux box, so while we haven't tried it I'm confident that it can be done given that OS X 10.4 is based on BSD Linux. To make the process easier for student setup we did write a web interface that will create and down load the correct variety of certificate. I have to comment that all vendors have developed their CA Certificate support dramatically. Anyone starting now would have a better experience than when we started 4 years ago.
Dennis Rigdon, MCSE Dir. Network Services Okla. City Univ. 405-208-5849 _____ From: Nathan Hay [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 25, 2007 8:25 AM To: [email protected] Subject: [WIRELESS-LAN] Transition from open to encrypted We've been running our main SSID without encryption to make it easier for students to connect and to make life easier for our help desk. Not surprisingly we've started to have problems with students sniffing packets and capturing the IM passwords, etc of other students. Because of this, we are working on a plan to make our main SSID encrypted by the start of next school year. Does anyone have a recommended scheme for encryption that supports a wide variety of clients? We have Windows, Mac, Linux, Nintendo Wii, and many different types of handheld devices on campus. Our wireless network is Meru. We don't have any 802.1x experience, but we are willing to learn if that is where we need to head. We'd like a scheme that makes it as easy for the client to connect as possible, but still provides a good level of security. Any thoughts or suggestions would be appreciated, Nathan Nathan P. Hay Network Engineer Computer Services Cedarville University www.cedarville.edu <http://www.cedarville.edu/> ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
smime.p7s
Description: S/MIME cryptographic signature
