We use 802.1x to do machine auth on equipment that we own and that is in the domain. We use Group Policy to push all of the settings. We have auth type set to 'user or computer' once the user logs on it flips to user auth. Its really cool because NAC will give the computer a 'Computer' policy when nobody is logged in and we can push updates or get statictics on the machine when nobody is logged in. At the point when someone logs on the computer is already on the network and connected to AD. Logins are smooth and then the user gets whatever policy is appropriate for them.
Your question was most likely meant for student owned computers but college owned 802.1x has huge advantages. On Nov 19, 2013 6:26 PM, "Hanset, Philippe C" <phan...@utk.edu> wrote: > from the top of my head... > > ###What's bad for the user: > > -Captive portal: no encryption over the air, pesky re-authentication and > timeouts, no authentication of the infrastructure > (yes, when you accept that SSL Cert from RADIUS you actually authenticate > the infrastructure) > > -802.1X: finicky supplicants, and, without a good installer, long config > instructions. Strongly authenticated (can't escape the system ;-) > > ###What's bad for the network engineer (and user stuff as well...): > > -Captive portal: CPU capacity of portal (802.11ac!!!), clients taking IP > addresses and air time even if not authenticated, authentication can be > defeated > > -802.1X: bugs from various vendors. A pain the troubleshoot when not > working. Certificate Expiration and help desk calls resulting from it > > add yours! > > Philippe > > Philippe Hanset > www.eduroam.us > > > On Nov 19, 2013, at 2:10 PM, Jeff Kell <jeff-k...@utc.edu> wrote: > > > On 11/19/2013 4:05 PM, Peter P Morrissey wrote: > >> Can anyone name an application that does not have strong encryption? > >> > >> I'm not arguing against 802.1x, because it works very well for us as > users don't have to authenticate constantly on a portal, and we seem to do > a very good job getting them on initially, but I am having a hard time > understanding the encryption benefits lately. > > > > Does FireSheep or Ettercap ring any bells? > > > > Jeff > > > > ********** > > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. > > > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
