group determined by cisco? or by impluse? how do you enforce this? ________________________________
From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Lee H Badman Sent: Wed 6/24/2009 4:54 PM To: [email protected] Subject: Re: [WIRELESS-LAN] Student 802.1x For wireless, we don't differentiate between students/staff. We certainly do for NAC, but for RADIUS it's simple go/nogo. Then once you're on the WLAN, what group you fall into drives how you're handled for NAC. -Lee ________________________________________ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [[email protected]] On Behalf Of John Rodkey [[email protected]] Sent: Wednesday, June 24, 2009 2:11 PM To: [email protected] Subject: Re: [WIRELESS-LAN] Student 802.1x What attribute do you use to transmit the user's group within RADIUS? On Wed, Jun 24, 2009 at 11:08 AM, Lee H Badman <[email protected]<mailto:[email protected]>> wrote: Hi Tom, We use forwarding of RADIUS accounting data (as users authenticate to 802.1x) into our NAC system- (using Cisco LWAPP, ACS and Impulse NAC)- works pretty well for single sign-on effect. Especially with the cached credentials for the supplicant- the whole thing ends up transparent to the user. Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 ________________________________ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Tom Parenti Sent: Wednesday, June 24, 2009 9:25 AM To: [email protected]<mailto:[email protected]> Subject: [WIRELESS-LAN] Student 802.1x Hello All, We are looking to start doing 802.1x authentication on our student wireless. We are an Aruba customer and we use Cisco NAC. Today we have an open SSID. The students connect to the SSID, open a web browser and are redirected to the Cisco NAC log on page. We would like to continue with the single sign on with NAC if possible. I think that would mean the students would have to cache their credentials in the supplicant to get authenticated to the new 802.1x SSID. Student computers are not part of our domain. Has anyone had any experience setting up 802.1x with NAC? Thanks, Tom ________________________ Tom Parenti Network Administrator Johnson & Wales University 8 Abbott Park Place Providence, RI 02903 (401) 598-1557 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
