There is more to it than just the onboarding platform. Regardless of what onboarding platform you use, the actual onboarding SSID and associated captive portal are extremely important in reducing helpdesk calls. We've gone through several iterations over a few years and think we finally got it right.

Ryan

-----Original Message-----
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Muraca, Peppino P.
Sent: Thursday, September 22, 2016 12:49 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.1x certificate authentication

This is great information. I have been worried that this will create a ton of support calls. The key seems to be making sure the onboarding system is a good one. We are also a Cloudpath shop, but are hoping to get to ClearPass.

-Pino

Peppino Muraca
Sr. Network Administrator
Stonehill College
508-565-1193
pmur...@stonehill.edu
(OO=[][]=OO)

-----Original Message-----
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Curtis K. Larsen
Sent: Wednesday, September 21, 2016 1:13 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.1x certificate authentication

The Android experience is still good in my opinion, just weaker than iOS when you incorporate the Play Store. (I think ISE links to the Play Store too.) Luckily, Cloudpath has the option of directly downloading the certs instead of requiring the app from the Play Store. Of course, a profile-based option (what Google does with ChromeOS) negates the need for any link to the Play Store.

-Curtis

________________________________________
From: The EDUCAUSE Wireless Issues Constituent Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Turner, Ryan H <rhtur...@email.unc.edu>
Sent: Wednesday, September 21, 2016 10:03 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.1x certificate authentication

Android is definitely 'the' problem. In our stats, you can see that they are only 10% of the clients we onboard, but are closer to 90% of the trouble tickets. We were a Cloudpath customer and made the switch to SecureW2 (the Android experience was a big reason).

Ryan

-----Original Message-----
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Curtis K. Larsen
Sent: Wednesday, September 21, 2016 11:55 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.1x certificate authentication

We've been offering EAP-TLS for about 2 years. It's been the only supported option for BYOD for just over a year. Personally, I think the user experience is pretty good across all devices (Android is weaker but still not bad). I've heard rumblings that Android might be changing to a profile method more similar to ChromeOS... so that would probably improve things. Our stats are eerily similar to Ryan's, but we use the Cloudpath Enrollment System, and we have not disabled PEAP yet.

Thanks,

--
Curtis K. Larsen
Senior Network Engineer
University of Utah IT/CIS

________________________________________
From: The EDUCAUSE Wireless Issues Constituent Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Turner, Ryan H <rhtur...@email.unc.edu>
Sent: Wednesday, September 21, 2016 7:53 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.1x certificate authentication

We are a very experienced shop with TLS. We've been using certificates for 4 years. We now use the SecureW2 onboarding platform to perform the operation, and we have been VERY happy with the results. Attached below are our statistics for onboarding from the Fall of 2015 to today. I would be happy to help you out. My contact information is below. In short, we've onboarded over 160,000 devices in the last two years (over 300k in 4).

[cid:image001.jpg@01D213EE.09553910]

Ryan Turner
Manager of Network Operations
ITS Communication Technologies
The University of North Carolina at Chapel Hill
r...@unc.edu
+1 919 445 0113 Office
+1 919 274 7926 Mobile

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Muraca, Peppino P.
Sent: Wednesday, September 21, 2016 8:39 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] 802.1x certificate authentication

Hello all,

I was wondering who or if anyone is using 802.1x cert auth for all wireless devices, and if you are, what is the experience with student devices? We are currently 802.1x username password, and have been thinking about going the cert route. I feel the cert auth is still a painful experience for BYOD devices.

Thank you

Pino

Peppino Muraca
Sr. Network Administrator
Stonehill College
508-565-1193
pmur...@stonehill.edu
(OO=[][]=OO)

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.educause.edu%2Fgroups%2F&data=01%7C01%7Crhturner%40email.unc.edu%7C0342ed2d3b6649f18ec208d3e237d0b2%7C58b3d54f16c942d3af081fcabd095666%7C1&sdata=ysMJchqMYCtLKm9TdNY%2BN6OVzQL6kOBQXDBCdUMYW%2B4%3D&reserved=0.