Bruce,


It was a consultant that recommended it, but for gaming/non-802.1x capable
devices.  I may have stated it incorrectly.



Our problem is that we have more and more devices that are non-standard
Windows/Mac OS so the certificates don’t work.  Most are Engineering/IT
students and it’s an uphill battle for us.



We’re currently looking at Apogee to take over our Dorm wired/wireless
network, but we can do the same thing with our own equipment.  The question
we’re asking ourselves is: do we want to create an open network in the
dorms, firewall them from everything unless they’re using secure wireless,
or continue to fight the certificate issues.



We have a homegrown registration system, but we’re quickly outgrowing it
and need to move to something that’s all encompassing.  We used ACS a few
years ago, but our CIO (at the time) wanted to move to all open source and
that’s caused more headaches than anything.



I do have a conference call with Cisco deployment on Wednesday, but just
wanted to get a feel for how others in our field like the product, and what
real world issues you’ve had.  Unfortunately, we don’t get that kind of
feedback from the manufacturer.



I appreciate all the e-mails and responses!



Shayne



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Osborne, Bruce W
(Network Services)
*Sent:* Tuesday, August 02, 2016 6:33 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Cisco ISE



I am surprised (and appalled) that Cisco would recommend **WPA2-Personal**
(aka WPA2-PSK) in an Enterprise environment. We are currently using
PEAP-MSCHAPv2 with our WPA2-Enterprise (aka 802.1X) wireless network.



For self-registration on devices that cannot use 802.1X, we are using a
custom portal with the ClearPass APIs. We are currently using an open
network for mac authentication. We block our website & Blackboard system to
“encourage” users to use our secure network for laptops instead of
registering for mac auth.



We are considering moving to using certs with ClearPass Onboard, but
have not yet implemented. We are currently using CloudPath Wizard for
onboarding 802.1X devices.



*Bruce Osborne*

*Wireless Engineer*

*IT Network Services - Wireless*



*(434) 592-4229*



*LIBERTY UNIVERSITY*

*Training Champions for Christ since 1971*



*From:* T. Shayne Ghere [mailto:sgh...@fsmail.bradley.edu
<sgh...@fsmail.bradley.edu>]
*Sent:* Monday, August 1, 2016 10:06 AM
*Subject:* Cisco ISE



Good morning,



Currently we have a home grown wireless registration system in place that
is becoming obsolete.  We are getting ready to refresh our Cisco AP’s, and
I’m writing to see if anyone has any positive/negative issues in using
Cisco ISE for individual “self” registration on your wireless network.



We also use WPA2/AES Certificate based security, but that is problematic
because of compatibility issues and devices that have no way of accepting
certs.   In talking with some Cisco Wireless Engineers, they recommend
WPA2/AES-PSK but we don’t have the manpower to set that up on every
device.   We also do not NAT any devices.



If you have any suggestions, or comments on using ISE and moving away from
Certs, I would greatly appreciate them.



Thanks

Shayne



----------------------------------

T. Shayne Ghere

Bradley University

Wireless/Lan Network Engineer

1501 W. Bradley Ave, Jobst 224A

sgh...@fsmail.bradley.edu

*FBI CA Graduate2011 Alumni*

*FBI InfraGard Member*

----------------------------------

*UPCOMING OUT OF OFFICE*

None

********** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
