Walt,
Good point about the EAP method.
Matt,
Because we have to authenticate several different users, we HAD to use
EAP-TTLS. This is probably where you will have to do most of your
research. In this case, there aren't really any wrong ways of doing
things. You just have to make an educated decision as to what is best
for you, and move forward.
Thanks.
Jorge Bodden
Walt Howd wrote:
We're doing 802.1x with LWAPP. We have two controllers, 300 APs and
average around 1100 concurrent wireless users.
We just switched to 802.1x authentication last year, with great
success. Previously we ran a network with just WEP and MAC address
registration. Last summer we brought a new wireless network up on the
controllers supporting WPA1 and WPA2 with TKIP and AES enabled. We
then turned on a captive portal on the legacy network that redirected
users to a website containing information on the new network and a
switchover date. The users could choose to see the directions on how
to switch, or continue using the legacy network up until the switchover
deadline.
A big factor in the 802.1x puzzle that will determine the success of
your project is your EAP method. We chose PEAPv0 as it had the
greatest compatibility in our environment and lowest overhead. Hope
this helps!
Walt
On Jul 24, 2008, at 3:01 PM, Jenkins, Matthew wrote:
How many others are doing 802.1x in a Cisco LWAPP environment? Have
you had success with it, or would you recommend another route for
authentication? Currently we are using VPNs over our secure wireless
and I am investigating whether we would be ahead to start using
802.1x coupled with WPA. Any thoughts would be appreciated.
Thanks,
Matt
Matthew Jenkins
Network/Server Administrator
Fairmont State University
Visit us online at www.fairmontstate.edu <http://www.fairmontstate.edu/>
********** Participation and subscription information for this
EDUCAUSE Constituent Group discussion list can be found
at http://www.educause.edu/groups/.