On Mon, 2003-08-25 at 16:18, Philippe Hanset wrote:
> As an add-on to Dewitt's question:
>
> If you use 802.1x with another solution for encryption,
> how do you solve the catch 22 problem of registration?
> (The 802.1x client needs to have an entry in the database
> before it can reach the network, how do you register
> if you cannot reach the network)

My approach to this was going to be to set up a standalone AP by our help desk (and possibly a couple of others in hot locations) with open settings (broadcast SSID, no encryption, anyone can associate) on private IP space with no routing (on a non-routed VLAN). The only accessible thing on that AP will be a web page with an enrollment application, accessible through transparent proxy (much like Bluesocket and such use for the logins). This would be only for enrollment of your 802.1x TLS certificate. Once you get that, you reconfigure for the true wireless LAN, and off you go.

-- 
--Mike
--------------------------------
Michael Griego
Wireless Network Administrator
University of Texas at Dallas

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.
