- Support 802.1x? - Yes
- use EAP-PEAP on campus? - Yes - use EAP-TLS on campus? – Yes - What PKI/CA do you use: - - If both, why and is one preferred? - We’ve always had EAP-PEAP since 2006 when we first started. We used Cloudpath Wizard a few years later to help configure clients, and migrated to Cloudpath Enrolment System when it came out and use EAP-TLS. We don’t force EAP-TLS, but essentially push all users requiring support to Cloudpath and EAP-TLS EAP-PEAP remains available, we may consider turning it of in the future but there’s other fish to fry. TLS is organically growing pretty well. If you want EAP-TLS Cloudpath has been great, many people love Secure W2. Check them both out Brief description of why you’re doing what you’re doing and anything else that might be helpful: Less lockouts from client devices are a great bonus at password change time. Also if an AD lockout occurs (for any reason), an EAP-TLS configured device still gets authenticated and has wifi access. Have generally found that many clients are happier on EAP-TLS. After reports of stability issues, investigating RF and no real problems. EAP-TLS and users claim things are better. -- Jason Cook Information Technology and Digital Services The University of Adelaide, AUSTRALIA 5005 Ph : +61 8 8313 4800 CRICOS Provider Number 00123M ----------------------------------------------------------- This email message is intended only for the addressee(s) and contains information which may be confidential and/or copyright. If you are not the intended recipient please do not read, save, forward, disclose, or copy the contents of this email. If this email has been sent to you in error, please notify the sender by reply email and delete this email and any copies or links to this email completely and immediately from your system. No representation is made that this email is free of viruses. Virus scanning is recommended and is the responsibility of the recipient. From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of David Morton Sent: Saturday, 24 February 2018 3:29 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] PEAP vs TLS We currently use EAP-PEAP for our eduroam/802.1x, but are now considering adding EAP-TLS to the mix. We have several potential PKIs that we could use, but all of them will take some work to get them ready for a production launch. Given that resources are limited, I’m looking for some data points about others who have moved, are thinking of moving or have decided not to adopt EAP-TLS. To help gather some data can you please answer this short survey? Do you: - Support 802.1x? - If yes, do you: - use EAP-PEAP on campus? - - use EAP-TLS on campus? - - What PKI/CA do you use: - - If both, why and is one preferred? - - If only PEAP, are you planning EAP-TLS? - Brief description of why you’re doing what you’re doing and anything else that might be helpful: Thank you in advance David David Morton Director, Networks & Telecommunications Services: Wi-Fi, Wired, Telephony, Mobile & HuskyTV University of Washington dmor...@uw.edu<mailto:dmor...@uw.edu> tel 206.221.7814 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.