There is a big surprise....
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Peter P Morrissey Sent: Wednesday, June 24, 2009 5:07 PM To: [email protected] Subject: Re: [WIRELESS-LAN] Student 802.1x I will second that. The other thing it does is make sure that your certs are used. The auto config for Macs and Windows 7 appear to ignore the certs completely. Pete Morrissey From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Mike King Sent: Wednesday, June 24, 2009 4:51 PM To: [email protected] Subject: Re: [WIRELESS-LAN] Student 802.1x Tom, Nobody has said it yet (which I'm surprised) You might want to look into http://www.cloudpath.net/ which is program you can distribute that will auto configure the 802.1x settings on client machines. Many universitys and colleges publish an Open SSID that lands on a captive portal that just displays this program. The program will then autoconfigure they're supplicant to authenticated to the network. On Wed, Jun 24, 2009 at 2:11 PM, John Rodkey <[email protected]> wrote: What attribute do you use to transmit the user's group within RADIUS? On Wed, Jun 24, 2009 at 11:08 AM, Lee H Badman <[email protected]> wrote: Hi Tom, We use forwarding of RADIUS accounting data (as users authenticate to 802.1x) into our NAC system- (using Cisco LWAPP, ACS and Impulse NAC)- works pretty well for single sign-on effect. Especially with the cached credentials for the supplicant- the whole thing ends up transparent to the user. Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 ________________________________ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Tom Parenti Sent: Wednesday, June 24, 2009 9:25 AM To: [email protected] Subject: [WIRELESS-LAN] Student 802.1x Hello All, We are looking to start doing 802.1x authentication on our student wireless. We are an Aruba customer and we use Cisco NAC. Today we have an open SSID. The students connect to the SSID, open a web browser and are redirected to the Cisco NAC log on page. We would like to continue with the single sign on with NAC if possible. I think that would mean the students would have to cache their credentials in the supplicant to get authenticated to the new 802.1x SSID. Student computers are not part of our domain. Has anyone had any experience setting up 802.1x with NAC? Thanks, Tom ________________________ Tom Parenti Network Administrator Johnson & Wales University 8 Abbott Park Place Providence, RI 02903 (401) 598-1557 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
