We aren’t doing eap-tls other than our lab testing right now but talking to multiple other universities, we decided to go with SecureW2 to do the certificate creation and BYOD onboarding. It works great so far in our testing and we plan to use it on our wired NAC. There’s the option to use the cert for VPN as well. SecureW2 has hooks into JAMF, Windows management, and Airwatch systems to onboard university managed devices, and it also has the BYOD dissolvable agent.
Thanks, Lynn Heavrin Network Engineer II | Network Engineering Washington University in St. Louis 4480 Clayton Ave, St. Louis, MO 63110 Mail stop 8218-45-1200 •: 314.935.3877 | •:lheav...@wustl.edu<mailto:lheav...@wustl.edu> From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of "Brady J. Ballstadt" <bjbal...@uark.edu> Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Date: Monday, April 13, 2020 at 9:24 AM To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: [WIRELESS-LAN] NAC/authentication implementations Hello everyone, Have a few questions as we do some research to add on to our NAC implementation and trying to avoid issues or at least minimize them. 1. If you have a NAC solution do you do port based auth? 2. If you have a NAC solution do you do eap-tls? If so how are you handling the certification “push” to devices? 3. What were the major pain points during implementation? 4. What were the major use cases you were resolving/resolved? 5. Anything you would do differently if you do it again? Any extra information would be great as well. Thank you, Brady Ballstadt University of Arkansas ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ________________________________ The materials in this message are private and may contain Protected Healthcare Information or other information of a sensitive nature. If you are not the intended recipient, be advised that any unauthorized use, disclosure, copying or the taking of any action in reliance on the contents of this information is strictly prohibited. If you have received this email in error, please immediately notify the sender via telephone or return mail. ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
