Perhaps SHA256 4K wasn't the best choice right now. The good news is that we're exclusively PAP (never thought I'd say that), so we're pretty much limited to computing devices on our 1x network. To my knowledge we haven't uncovered any compatibility issues other than our AirChecks.
-----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Jake Snyder Sent: Wednesday, November 30, 2016 9:28 AM To: [email protected] Subject: Re: [WIRELESS-LAN] Decent tools, on sale Not necessarily an EAP-TLS issue. I've personally seen some medical devices that puke on larger certs as well. Even using PEAP, they still get the cert from the radius server for building the TLS tunnel. No tunnel, no credential exchange. No creds, no access. In one example, we saw a 3-part certificate delivery because cert was over 3200 bytes (3x 1500 MTU packets) and immediately saw a certificate reject. And these devices don't actually do any cert validation. Sent from my iPhone > On Nov 30, 2016, at 4:15 AM, Jethro R Binks <[email protected]> > wrote: > >> On Wed, 30 Nov 2016, Lee H Badman wrote: >> >> ?That's actually a pretty interesting question, Chuck. I run the G2 >> (and >> G1) against 802.1X as well with RADIUS using the longer certs... but- >> using PEAP w/MS-CHAPv2. Which in this context, is largely irrelevant >> because you can simply ignore the certs. I'm guessing that you're >> using TLS? > > Funnily enough I got a notification this week about new firmware for > the > G2: > > AirCheckā¢ G2 Wireless Network Tester v1.1.1 Maintenance Release > > but the notes don't mention about cert length fixes. > > . . . . . . . . . . . . . . . . . . . . . . . . . > Jethro R Binks, Network Manager, > Information Services Directorate, University Of Strathclyde, Glasgow, > UK > > The University of Strathclyde is a charitable body, registered in > Scotland, number SC015263. > > >> >> >> Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+) >> Information Technology Services >> 206 Machinery Hall >> 120 Smith Drive >> Syracuse, New York 13244 >> t 315.443.3003 f 315.443.4325 e >> [email protected]<mailto:[email protected]> w its.syr.edu >> SYRACUSE UNIVERSITY >> syr.edu >> ________________________________ >> From: The EDUCAUSE Wireless Issues Constituent Group Listserv >> <[email protected]> on behalf of Chuck Enfield >> <[email protected]> >> Sent: Tuesday, November 29, 2016 8:58 PM >> To: [email protected] >> Subject: Re: [WIRELESS-LAN] Decent tools, on sale >> >> A gentle caution about the Aircheck. I love the product, but our gen >> 1 devices just took a major utility hit when we changed to a SHA-256 >> 4K cert that the device couldn't support. Now we can't use it for >> connectivity tests on our 1x SSID. There's a 2K key size limit on >> the gen 1 Airchecks. >> >> More troubling is that I've had a ticket open with NetScout for >> almost a month to see if the G2's can do better, but they've yet to >> offer an answer. I've pinged them twice, so it's not an issue of >> forgetting about my inquiry. They don't seem to know what their device >> can do. >> >> From: Lee H Badman<mailto:[email protected]> >> Sent: Tuesday, November 29, 2016 7:55 PM >> To: >> [email protected]<mailto:[email protected] >> USE.EDU> >> Subject: [WIRELESS-LAN] Decent tools, on sale >> >> >> http://netool.io/ competes with LinkSprinter- is a nice tool on sale >> right now, FYI. Also NetScout running buy one/get one sale on AirCheck >> G2- but that sale is almost over as well. >> >> Just FYI, both are worth having. >> >> Lee Badman (mobile) >> ********** Participation and subscription information for this EDUCAUSE >> Constituent Group discussion list can be found at >> http://www.educause.edu/groups/. >> >> ********** >> Participation and subscription information for this EDUCAUSE Constituent >> Group discussion list can be found at http://www.educause.edu/groups/. >> >> > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
