I am surprised ( and appalled) that Cisco would recommend *WPA2-Personal* (aka WPA2-PSK) in an Enterprise environment. We are currently using PEAP-MSCHAPv2 with our WPAs-Enterprise (aka 802.1X) wireless network.
For self-registration on devices that cannot use 802.1X, we are using a custom portal with the ClearPass APIs. We are currently using an open network for mac authentication. We block our website & Blackboard system to “encourage” users to use our secure network for laptops instead of registering for mac auth. We are considering moving to using certs with ClearPass Onbiard, but have not yet imp;lemented. We are currently using CloudPath Wizard for onboarding 802.1X devices. Bruce Osborne Wireless Engineer IT Network Services - Wireless (434) 592-4229 LIBERTY UNIVERSITY Training Champions for Christ since 1971 From: T. Shayne Ghere [mailto:[email protected]] Sent: Monday, August 1, 2016 10:06 AM Subject: Cisco ISE Good morning, Currently we have a home grown wireless registration system in place that is becoming obsolete. We are getting ready to refresh our Cisco AP’s, and I’m writing to see if anyone has any positive/negative issues in using Cisco ISE for individual “self” registration on your wireless network. We also use WPA2/AES Certificate based security, but that is problematic because of compatibility issues and devices that have no way of accepting certs. In talking with some Cisco Wireless Engineers, they recommend WPA2/AES-PSK but we don’t have the manpower to set that up on every device. We also do not NAT any devices. If you have any suggestions, or comments on using ISE and moving away from Certs, I would greatly appreciate them. Thanks Shayne ---------------------------------- T. Shayne Ghere Bradley University Wireless/Lan Network Engineer 1501 W. Bradley Ave, Jobst 224A [email protected]<mailto:[email protected]> FBI CA Graduate2011 Alumni FBI InfraGard Member ---------------------------------- UPCOMING OUT OF OFFICE None ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
