We have been using certificates for many years now, with good results. We've
never used EAP-PEAP.
We have two PKIs. For administrative systems that are joined to our AD domain,
the domain PKI automatically issues certificates that are trusted, effectively
auto-configuring the system. For anything else, including BYOD, we use
Cloudpath, with it's built-in PKI.
Having the wireless authentication decoupled from the account process has been
very helpful over the years:
* Fewer lockouts due to badly configured mobile devices (doesn't help with
* Account suspensions and password changes don't knock devices offline
* No user passwords stored for wireless configurations, or shared with
Director of Network Operations
Worcester Polytechnic Institute
"For every problem, there is a solution that is simple, elegant, and wrong." -
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of David Morton <dmor...@uw.edu>
Sent: Friday, February 23, 2018 11:58 AM
Subject: [WIRELESS-LAN] PEAP vs TLS
We currently use EAP-PEAP for our eduroam/802.1x, but are now considering
adding EAP-TLS to the mix. We have several potential PKIs that we could use,
but all of them will take some work to get them ready for a production launch.
Given that resources are limited, I’m looking for some data points about others
who have moved, are thinking of moving or have decided not to adopt EAP-TLS.
To help gather some data can you please answer this short survey?
- Support 802.1x? -
If yes, do you:
- use EAP-PEAP on campus? -
- use EAP-TLS on campus? -
- What PKI/CA do you use: -
- If both, why and is one preferred? -
- If only PEAP, are you planning EAP-TLS? -
Brief description of why you’re doing what you’re doing and anything else that
might be helpful:
Thank you in advance
Director, Networks & Telecommunications
Services: Wi-Fi, Wired, Telephony, Mobile & HuskyTV
University of Washington
********** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/discuss.