It's that time again... wireless printers/projectors- enterprise WLAN security?
Hello to the group. Has been a while since I last looked and got frustrated http://wirednot.wordpress.com/2013/03/01/hey-printer-makers-you-realize-that-its-2013-right/ so throwing it out there in case anyone on the list has found devices that have caught up with the times. The question: has anyone found- and put into service- a business-grade printer with a wireless interface that will do 802.1x auth and WPA2 encryption (no preshare security stuff)? Same same for projectors, but printers are the more interesting paradigm for my use case right now. Thanks, Lee Badman Syracuse University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] It's that time again... wireless printers/projectors- enterprise WLAN security?
I've noticed recently a few printers have actually shipped with zero hardwire connectivity of any kind - no ethernet, no USB, nothing. This lends support to my ongoing theory that, for the most part, printer manufacturers view wireless not as a general networking connectivity, but as a drop-in replacement for those pesky USB cables that are never quite long enough. I strongly suspect that until someone makes the rounds with a large bat with ENTERPRISE WIFI spelled out in nails on one end, the situation isn't likely to change. Frank Sweetser fs at wpi.edu| For every problem, there is a solution that Manager of Network Operations | is simple, elegant, and wrong. Worcester Polytechnic Institute | - HL Mencken On 12/2/2013 11:23 AM, Lee H Badman wrote: Hello to the group. Has been a while since I last looked and got frustrated _http://wirednot.wordpress.com/2013/03/01/hey-printer-makers-you-realize-that-its-2013-right/_ so throwing it out there in case anyone on the list has found devices that have caught up with the times. The question: has anyone found- and put into service- a business-grade printer with a wireless interface that will do 802.1x auth and WPA2 encryption (no preshare security stuff)? Same same for projectors, but printers are the more interesting paradigm for my use case right now. Thanks, Lee Badman Syracuse University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: 802.1x vs web-portal
Why do you say there are portal issues with https? Other than certificate error messages, http https redirects work fine with Aruba wireless. I know I had issues with https portals a few years ago when I tried portals with Cisco LWAP APs. Bruce Osborne Network Engineer IT Network Services (434) 592-4229 Liberty University | Training Champions for Christ since 1971 -Original Message- From: Arran Cudbard-Bell [mailto:a.cudba...@freeradius.org] Sent: Friday, November 29, 2013 2:25 PM Subject: Re: 802.1x vs web-portal On 19 Nov 2013, at 21:00, Ken LeCompte lecom...@oit.rutgers.edu wrote: One major consideration is that the use of https for more and more webpages is resulting in more confused users not getting redirected to captive portal login pages. A workaround for some devices would be to to add a WISPr responder to the portal. It will work will all recent iOS and OSX devices, some Windows Phones, and Windows 8/8.1. http://msdn.microsoft.com/en-us/library/windows/hardware/dn408675.aspx There is no perfect solution to portal redirection, but WISPr does seem a good way forward. -Arran Arran Cudbard-Bell a.cudba...@freeradius.org FreeRADIUS Development Team ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] It's that time again... wireless printers/projectors- enterprise WLAN security?
If you're talking campus-owned devices, I (thankfully) haven't had a need to do this yet. Hopefully it stays that way, though I'm kind of expecting a request for this for the Spring new student check-in line (I'll be watching other responses for someone to suggest a model that works well). If you're talking student devices, I still feel like the best answer is to make available a strong printer gateway solution via a product like PaperCut, and heavily promote this option while at the same time discouraging students from bringing any printer at all, even the wired variety. Joel Coehoorn Director of Information Technology York College, Nebraska 402.363.5603 jcoeho...@york.edu *The mission of York College is to transform lives through Christ-centered education and to equip students for lifelong service to God, family, and society* On Mon, Dec 2, 2013 at 11:37 AM, Frank Sweetser f...@wpi.edu wrote: I've noticed recently a few printers have actually shipped with zero hardwire connectivity of any kind - no ethernet, no USB, nothing. This lends support to my ongoing theory that, for the most part, printer manufacturers view wireless not as a general networking connectivity, but as a drop-in replacement for those pesky USB cables that are never quite long enough. I strongly suspect that until someone makes the rounds with a large bat with ENTERPRISE WIFI spelled out in nails on one end, the situation isn't likely to change. Frank Sweetser fs at wpi.edu| For every problem, there is a solution that Manager of Network Operations | is simple, elegant, and wrong. Worcester Polytechnic Institute | - HL Mencken On 12/2/2013 11:23 AM, Lee H Badman wrote: Hello to the group. Has been a while since I last looked and got frustrated _http://wirednot.wordpress.com/2013/03/01/hey-printer- makers-you-realize-that-its-2013-right/_ so throwing it out there in case anyone on the list has found devices that have caught up with the times. The question: has anyone found- and put into service- a business-grade printer with a wireless interface that will do 802.1x auth and WPA2 encryption (no preshare security stuff)? Same same for projectors, but printers are the more interesting paradigm for my use case right now. Thanks, Lee Badman Syracuse University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] 802.1x vs web-portal
Many places have problems with OSCP... they don't let users that join the portal check for the OCSP validity (forget to allow for this in firewall) of the portal's certificate. That will make some OSes that don't automatically switch to CRL fail. Or worse, certificate providers change the IP address of their OCSP servers, and portals and firewall were configured with a static IP address of the OCSP servers... that can make portals fail as well. It would be nice to allow to check everything by name, but some firewalls are still finicky about that! Philippe Hanset www.eduroam.us On Dec 2, 2013, at 1:02 PM, Osborne, Bruce W (Network Services) bosbo...@liberty.edu wrote: Why do you say there are portal issues with https? Other than certificate error messages, http https redirects work fine with Aruba wireless. I know I had issues with https portals a few years ago when I tried portals with Cisco LWAP APs. Bruce Osborne Network Engineer IT Network Services (434) 592-4229 Liberty University | Training Champions for Christ since 1971 -Original Message- From: Arran Cudbard-Bell [mailto:a.cudba...@freeradius.org] Sent: Friday, November 29, 2013 2:25 PM Subject: Re: 802.1x vs web-portal On 19 Nov 2013, at 21:00, Ken LeCompte lecom...@oit.rutgers.edu wrote: One major consideration is that the use of https for more and more webpages is resulting in more confused users not getting redirected to captive portal login pages. A workaround for some devices would be to to add a WISPr responder to the portal. It will work will all recent iOS and OSX devices, some Windows Phones, and Windows 8/8.1. http://msdn.microsoft.com/en-us/library/windows/hardware/dn408675.aspx There is no perfect solution to portal redirection, but WISPr does seem a good way forward. -Arran Arran Cudbard-Bell a.cudba...@freeradius.org FreeRADIUS Development Team ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] 802.1x vs web-portal
On our captive portal we just run a cron job once a day to pull the latest OCSP IP addresses to be whitelisted, and never have had a problem with SSL. Dale Thus spake Hanset, Philippe C (phan...@utk.edu) on Mon, Dec 02, 2013 at 06:58:24PM +: Many places have problems with OSCP... they don't let users that join the portal check for the OCSP validity (forget to allow for this in firewall) of the portal's certificate. That will make some OSes that don't automatically switch to CRL fail. Or worse, certificate providers change the IP address of their OCSP servers, and portals and firewall were configured with a static IP address of the OCSP servers... that can make portals fail as well. It would be nice to allow to check everything by name, but some firewalls are still finicky about that! Philippe Hanset www.eduroam.us On Dec 2, 2013, at 1:02 PM, Osborne, Bruce W (Network Services) bosbo...@liberty.edu wrote: Why do you say there are portal issues with https? Other than certificate error messages, http https redirects work fine with Aruba wireless. I know I had issues with https portals a few years ago when I tried portals with Cisco LWAP APs. Bruce Osborne Network Engineer IT Network Services (434) 592-4229 Liberty University | Training Champions for Christ since 1971 -Original Message- From: Arran Cudbard-Bell [mailto:a.cudba...@freeradius.org] Sent: Friday, November 29, 2013 2:25 PM Subject: Re: 802.1x vs web-portal On 19 Nov 2013, at 21:00, Ken LeCompte lecom...@oit.rutgers.edu wrote: One major consideration is that the use of https for more and more webpages is resulting in more confused users not getting redirected to captive portal login pages. A workaround for some devices would be to to add a WISPr responder to the portal. It will work will all recent iOS and OSX devices, some Windows Phones, and Windows 8/8.1. http://msdn.microsoft.com/en-us/library/windows/hardware/dn408675.aspx There is no perfect solution to portal redirection, but WISPr does seem a good way forward. -Arran Arran Cudbard-Bell a.cudba...@freeradius.org FreeRADIUS Development Team ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.