I second the switch to some kind of EAP, most likely 802.1x with PEAP or TTLS.
I'd also take the opportunity to remove WPA and exclusively use WPA2, or at least separate them. The only thing that should really require WPA at this point is consumer equipment by bad manufacturers.

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
