We do it with WiSMs. WPA (greatest compatibility), TKIP, MS-CHAPv2 with native Windows/Mac supplicants for general users, and WPA2 for higher-security specialty networks. We use AD as credential store, and use ID Engines for supplicant configuration. Here are the biggest hang-ups/issues I see people experience as they ponder and then support 802.1x: - Which EAP type to use - Which RADIUS server to use - Which supplicants to allow/support - How to get those supplicants properly configured - The challenge of getting lots of outdated wireless drivers updated- very important But- once you get there, is largely a piece of cake to support. After having done captive portal and VPN, 802.1x is actually easier for us. But... 802.1x can also get very complex depending on how you choose to implement. There's simple go/nogo (if in AD then allow onto net) or use RADIUS attributes and VLAN steering to get very granular on who goes where and when. The more complex you make it, the harder it can be to support (like anything)... No specific 802.1x issues with LWAPP found here- although we still have all of LWAPP's other quirks to contend with. Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 ________________________________
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Jenkins, Matthew Sent: Thursday, July 24, 2008 4:01 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Cisco WLAN 4400 Controllers and 802.1x How many others are doing 802.1x in a Cisco LWAPP environment? Have you had success with it, or would you recommend another route for authentication? Currently we are using VPNs over our secure wireless and I am investigating whether we would be ahead to start using 802.1x coupled with WPA. Any thoughts would be appreciated. Thanks, Matt Matthew Jenkins Network/Server Administrator Fairmont State University Visit us online at www.fairmontstate.edu <http://www.fairmontstate.edu/> ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
