They don’t care about DHCPv6 either :P T.J. Norton Wireless Network Architect Network Operations
(434) 592-6552 Liberty University | Training Champions for Christ since On 9/25/19, 11:02 AM, "The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Hunter Fuller" <[email protected] on behalf of [email protected]> wrote: ________________________________ [ EXTERNAL EMAIL: Do not click any links or open attachments unless you know the sender and trust the content. ] ________________________________ It's not just TLS. At this point it's clear that the Android developers don't care at all about wireless security, whether via TLS, PEAP, or anything except PSK. There has been minimal improvement in Android 9 and above, 5+ years after everyone else got it right. But by and large, Google fights you the entire time you are trying to provide a secure wireless experience to their users. -- Hunter Fuller Router Jockey VBH Annex B-5 +1 256 824 5331 Office of Information Technology The University of Alabama in Huntsville Network Engineering On Wed, Sep 25, 2019 at 9:56 AM Jonathan Oakden <[email protected]> wrote: > > All great advice from Ryan. > > We use Ruckus Cloudpath for our onboarding. > > When TLS works it’s great. It’s mostly shoddy implementations on OS’s that give problems. That’s why Android forms the bulk of the issues. If Google ever get that sorted it will be an enormous help. Windows became a lot easier and more reliable from the launch of W10. > > > > Jonathan Oakden > > Loughborough University > > > > From: The EDUCAUSE Wireless Issues Community Group Listserv <[email protected]> on behalf of "Turner, Ryan H" <[email protected]> > Reply to: The EDUCAUSE Wireless Issues Community Group Listserv <[email protected]> > Date: Wednesday, 25 September 2019 at 14:58 > To: "[email protected]" <[email protected]> > Subject: Re: [WIRELESS-LAN] Aruba - Going from PEAP to TLS > > > > I can’t speak to the Clearpass, but you should spend more time validating the onboarding process so that it is smooth. That is going to be your issue. The setup won’t take long, but a poorly designed user experience will hurt you. I am going to assume you will use SecureW2s cloud PKI. We are going to be switching that that from an AD private PKI. Don’t be silly with certificate lengths or hashes. 2048 length with SHA256 works fine. No need to do anything more and risk client support issues (in my opinion). > > > > You should stand up a test onboarding SSID (if you are going to have one) and get people to go through the process before production and get feedback. Utilize the documentation other schools have built (wifi.unc.edu). If you haven’t used an onboarding SSID to date, then you have a lot of work just to make that work well. Realize that Android devices are going to be 75% of your issues. The other operating systems are pretty easy and straightforward (OSX is the second runner for issues). iOS and windows are a breeze. > > > > Good luck and welcome to the TLS club > > > > > > Ryan Turner > > Head of Networking > > The University of North Carolina at Chapel Hill > > +1 919 445 0113 Office > > +1 919 274 7926 Mobile > > [email protected] > > > > > > > > From: The EDUCAUSE Wireless Issues Community Group Listserv <[email protected]> On Behalf Of Christopher Brizzell > Sent: Wednesday, September 25, 2019 8:57 AM > To: [email protected] > Subject: [WIRELESS-LAN] Aruba - Going from PEAP to TLS > > > > In what should have been done long ago, we would like to move off of our EAP-PEAP and onto EAP-TLS. > > > > Most likely we will be going with SecureW2 to help with that process. > > > > I’d like to hear from anyone who may have done this with Aruba OS and Clearpass, so as to avoid any pitfalls and look for advice on the best way to proceed. > > > > Thank You. > > > > Chris Brizzell > > Assistant Director of Network and Technical Services and Network Administrator > > Skidmore College > > [email protected] > > 518-580-5994 > > > > ********** > Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctnorton7%40LIBERTY.EDU%7C7dc691e1197f4785e2dc08d741c96e5c%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C637050205704628537&sdata=yEcdLicMsdPKd4d%2F5r30Z7Rdmg5tE9kDQ6onDhJPdSE%3D&reserved=0 > > ********** > Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctnorton7%40LIBERTY.EDU%7C7dc691e1197f4785e2dc08d741c96e5c%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C637050205704628537&sdata=yEcdLicMsdPKd4d%2F5r30Z7Rdmg5tE9kDQ6onDhJPdSE%3D&reserved=0 > > ********** > Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctnorton7%40LIBERTY.EDU%7C7dc691e1197f4785e2dc08d741c96e5c%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C637050205704628537&sdata=yEcdLicMsdPKd4d%2F5r30Z7Rdmg5tE9kDQ6onDhJPdSE%3D&reserved=0 ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctnorton7%40LIBERTY.EDU%7C7dc691e1197f4785e2dc08d741c96e5c%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C637050205704628537&sdata=yEcdLicMsdPKd4d%2F5r30Z7Rdmg5tE9kDQ6onDhJPdSE%3D&reserved=0 ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
