Re: [WIRELESS-LAN] Eduroam question

[Hanset, Philippe C]

Brian,

With eduroam the relation is strictly between the client and its home 
institution.
As long as you use a tunneled EAP method (PEAP, EAP-TTLS, EAP-TLS, EAP-FAST, 
)
you will be able to join eduroam. The main national and international eduroam 
servers only help pass the TLS tunnel
between a user and its home institution without interruption (and using the 
outer tunnel information for "routing"),
which makes the whole process EAP agnostic (as long as it can negotiate a TLS 
tunnel)

In summary: Pick any tunneled EAP method that your institution feels 
comfortable using.

Best,

Philippe

Philippe Hanset
Univ. of TN, Knoxville
www.eduroamus.org

On Apr 12, 2012, at 1:33 PM, Brian David wrote:

Greeting all,
We are looking into Eduroam again…I know other schools have done this..
One of the questions that came up is…Does every school use the same EAP type on 
the eduroam SSID?

Brian J David
Network Systems Engineer
Boston College

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found 
athttp://www.educause.edu/groups/.









**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Eduroam question

[Ian McDonald]

No they don't. That's one of the beauties of Eduroam. :)
--
ian
-Original Message-
From: Brian David
Sent:  12/04/2012, 18:33
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Eduroam question

Greeting all,
We are looking into Eduroam again…I know other schools have done this..
One of the questions that came up is…Does every school use the same EAP type on 
the eduroam SSID?

Brian J David
Network Systems Engineer
Boston College

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] PacketFence

[Mark Duling]

We started to look at PacketFence but before even getting to test it Cisco
released ISE and then we switched to kicking the tires on that.  Though I
know some universities use PacketFence quite successfully, for all the
strengths of the open source way the hassles of it in a product like that
(poor documentation and such) are significant depending on how your IT
staff is structured and their goals.  The well-known tradeoffs between
commercial products with good documentation and support and a
do-it-yourself approach has ramifications that reach down even to staffing
and turnover.  Anyway, there were some portal limitations in ISE 1.0 such
that we weren't happy with the usability so we decided to wait for the next
release.  It appears from the documentation that 1.1 may have dealt with
these so we'll start testing that version soon.

I have seen people talking about the high cost of ISE, but ISE base without
the posture checking is quite reasonable.  I think if you aren't doing
posture checking or enforcing remediation anymore with your NAC solution or
intending to do it with PacketFence I think ISE base should be the price
comparison rather than the much more expensive ISE advanced add-on or
whatever the name.  From what I can see ISE is now very feature rich in
regard to guest registration, though we've not used it in production yet.

Mark


On Thu, Apr 12, 2012 at 7:16 AM, Johnson, Neil M wrote:

> I would be interested in talking to anyone about their experiences using
> packetfence (http://www.packetfence.org) to register guest users on their
> wireless network.
>
> Thanks.
> -Neil
>
> --
> Neil Johnson
> Network Engineer
> The University of Iowa
> Phone: 319 384-0938
> Fax: 319 335-2951
> Mobile: 319 540-2081
> E-Mail: neil-john...@uiowa.edu
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Eduroam question

[Brian David]

Greeting all,
We are looking into Eduroam again...I know other schools have done this..
One of the questions that came up is...Does every school use the same EAP type 
on the eduroam SSID?

Brian J David
Network Systems Engineer
Boston College


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] PacketFence

[Jesse Safran]

It used ARP spoofing (which is the last time I used it in a past job) and
has changed quite a bit.

I know Weber State uses it and Tristan (their network engineer) often
promotes it on the NETMAN list, as shown in this post:
http://listserv.educause.edu/cgi-bin/wa.exe?A2=ind11&L=NETMAN&T=0&F=&S=&P=326491.
They might be able to help out :-)

-Jesse


On Thu, Apr 12, 2012 at 11:34 AM, Dale W. Carder  wrote:

> The last time I looked at it (years and years ago), it used dns spoofing to
> capture/redirect clients?  My first thought was that it would not work w/
> dnssec, so I haven't looked at it since and would be curious if that
> changed.
>
> Dale
>
>
> Thus spake Johnson, Neil M (neil-john...@uiowa.edu) on Thu, Apr 12, 2012
> at 02:16:12PM +:
> > I would be interested in talking to anyone about their experiences using
> > packetfence (http://www.packetfence.org) to register guest users on
> their
> > wireless network.
> >
> > Thanks.
> > -Neil
> >
> > --
> > Neil Johnson
> > Network Engineer
> > The University of Iowa
> > Phone: 319 384-0938
> > Fax: 319 335-2951
> > Mobile: 319 540-2081
> > E-Mail: neil-john...@uiowa.edu
> >
> > **
> > Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>



-- 
Jesse Safran
Sr. Desktop Supervisor/Assist. Network Admin
Green Mountain College
1 Brennan Circle
Poultney, VT 05764
802-287-0105 (Cell)
802-287-8264 (IT Computer Support Line)
safr...@greenmtn.edu 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] PacketFence

[Dale W. Carder]

The last time I looked at it (years and years ago), it used dns spoofing to 
capture/redirect clients?  My first thought was that it would not work w/
dnssec, so I haven't looked at it since and would be curious if that
changed.

Dale


Thus spake Johnson, Neil M (neil-john...@uiowa.edu) on Thu, Apr 12, 2012 at 
02:16:12PM +:
> I would be interested in talking to anyone about their experiences using
> packetfence (http://www.packetfence.org) to register guest users on their
> wireless network.
> 
> Thanks.
> -Neil
> 
> -- 
> Neil Johnson
> Network Engineer
> The University of Iowa
> Phone: 319 384-0938
> Fax: 319 335-2951
> Mobile: 319 540-2081
> E-Mail: neil-john...@uiowa.edu
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

PacketFence

[Johnson, Neil M]

I would be interested in talking to anyone about their experiences using
packetfence (http://www.packetfence.org) to register guest users on their
wireless network.

Thanks.
-Neil

-- 
Neil Johnson
Network Engineer
The University of Iowa
Phone: 319 384-0938
Fax: 319 335-2951
Mobile: 319 540-2081
E-Mail: neil-john...@uiowa.edu

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.