Perfect – thanks Ryan. We will be creating an onboarding SSID, I may pick your brain about that if I run into any challenges.
Chris Brizzell Assistant Director of Network and Technical Services and Network Administrator Skidmore College [email protected]<mailto:[email protected]> 518-580-5994 From: The EDUCAUSE Wireless Issues Community Group Listserv <[email protected]> On Behalf Of Turner, Ryan H Sent: Wednesday, September 25, 2019 9:58 AM To: [email protected] Subject: Re: [WIRELESS-LAN] Aruba - Going from PEAP to TLS I can’t speak to the Clearpass, but you should spend more time validating the onboarding process so that it is smooth. That is going to be your issue. The setup won’t take long, but a poorly designed user experience will hurt you. I am going to assume you will use SecureW2s cloud PKI. We are going to be switching that that from an AD private PKI. Don’t be silly with certificate lengths or hashes. 2048 length with SHA256 works fine. No need to do anything more and risk client support issues (in my opinion). You should stand up a test onboarding SSID (if you are going to have one) and get people to go through the process before production and get feedback. Utilize the documentation other schools have built (wifi.unc.edu). If you haven’t used an onboarding SSID to date, then you have a lot of work just to make that work well. Realize that Android devices are going to be 75% of your issues. The other operating systems are pretty easy and straightforward (OSX is the second runner for issues). iOS and windows are a breeze. Good luck and welcome to the TLS club 😉 Ryan Turner Head of Networking The University of North Carolina at Chapel Hill +1 919 445 0113 Office +1 919 274 7926 Mobile [email protected]<mailto:[email protected]> From: The EDUCAUSE Wireless Issues Community Group Listserv <[email protected]<mailto:[email protected]>> On Behalf Of Christopher Brizzell Sent: Wednesday, September 25, 2019 8:57 AM To: [email protected]<mailto:[email protected]> Subject: [WIRELESS-LAN] Aruba - Going from PEAP to TLS In what should have been done long ago, we would like to move off of our EAP-PEAP and onto EAP-TLS. Most likely we will be going with SecureW2 to help with that process. I’d like to hear from anyone who may have done this with Aruba OS and Clearpass, so as to avoid any pitfalls and look for advice on the best way to proceed. Thank You. Chris Brizzell Assistant Director of Network and Technical Services and Network Administrator Skidmore College [email protected]<mailto:[email protected]> 518-580-5994 ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
