Re: [WIRELESS-LAN] Wireless Printers on 802.1x Network

Tue, 09 Jun 2009 15:09:09 -0700 

On 8/6/09 19:48, Lee H Badman wrote:

Thanks, Arran. I did pick apart a Dell 5210n this morning that looked hopeful- 
but regardless of what you configured it refused to functionally do anything 
beyond LEAP. Sigh...


Oh dear... if you're going to implement anything LEAP is *not* the one to go 
for. Suppose you've applied all the latest F/W updates etc ?

It's nice that these vendors are taking the time to implement WPA-Enterprise on 
their latest products... if only they could actually get it right.

Worst comes to the worst you could always look into wireless client bridges. 
Get them to connect on behalf of the printers then just run ethernet.

Arran




Lee H. Badman
Wireless/Network Engineer
Information Technology and Services
Syracuse University
315 443-3003

-----Original Message-----
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:[email protected]] On Behalf Of Arran Cudbard-Bell
Sent: Monday, June 08, 2009 2:26 PM
To: [email protected]
Subject: Re: [WIRELESS-LAN] Wireless Printers on 802.1x Network

Hi Lee,


Given that we are running 802.1x PEAP w/ MS-CHAPv2, WPA/TKIP on main
prod wireless network, has anyone with same network setup found a
wireless printer that will work as a client device? Looking for real
examples of functional printers- several wireless printers look
potentially good until you go to set them up. If you know of any the
work in the real world (with 802.1x PEAP w/ MS-CHAPv2, WPA/TKIP) the
information would have great value.


Only negative information i'm afraid. Last time I checked the HP JetDirect 
supplicant was running something that claimed to be PEAPv0 (had the PEAPv0 
flag), but acted more like PEAPv1 (including full
EAP headers in the inner tunnel). Our RADIUS servers (FreeRADIUS 2.*) 
categorically refused to authenticate these devices (because of the additional 
headers in the inner tunnel), and i've heard
reports that IAS rejects them as well.

This was on wired, but the supplicant is probably the same for both wired and 
wireless interfaces (it'd make no sense implementing EAP twice).

Regards,
Arran


--
Arran Cudbard-Bell ([email protected]),
Authentication, Authorisation and Accounting Officer,
Infrastructure Services (IT Services),
E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT
DDI+FAX: +44 1273 873900 | INT: 3900
GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2

**********
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.






















					Reply via email to