We don’t use CRLs or OCSP. If we have a trouble client, we drop the MAC and not the certificate. I don’t like delays in the authentication process, and found the gains not worth what I would gain. However, every institution is different.
From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Norton, Thomas (Network Operations)
Sent: Wednesday, September 25, 2019 11:14 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] [WIRELESS-LAN] Aruba - Going from PEAP to TLS

We’re currently going through this process as well, would love to get feedback as well. We’re going to be using their Windows (WSTEP integration) as well for internal clients. Interesting to see everyone else’s take. CRL so far has been the biggest caveat on the CPPM side. Aruba really likes to push OCSP, so making sure the update times are set up accordingly is important CRL-wise.

T.J. Norton
Wireless Network Architect
Network Operations
(434) 592-6552
Liberty University | Training Champions for Christ since

From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Christopher Brizzell <00000113a07d9d59-dmarc-requ...@listserv.educause.edu>
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Date: Wednesday, September 25, 2019 at 8:57 AM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [External] [WIRELESS-LAN] Aruba - Going from PEAP to TLS

In what should have been done long ago, we would like to move off of our EAP-PEAP and onto EAP-TLS. Most likely we will be going with SecureW2 to help with that process.
I’d like to hear from anyone who may have done this with Aruba OS and Clearpass, so as to avoid any pitfalls and look for advice on the best way to proceed.

Thank You.

Chris Brizzell
Assistant Director of Network and Technical Services and Network Administrator
Skidmore College
cbriz...@skidmore.edu
518-580-5994

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community