We are running Shared WEP128bit for our Faculty/Staff computers (owned by
the university) and no encryption on a broadcasted ssid for students/Others,
on the WEP side, no clean access required for systems, as they are on a NAC
Controlled vlan, and on the student side, we are using Clean Access...
We are looking at some of the PEAP/LEAP stuff, and honestly at this point I
wouldn't mind everyone to have a double login for more security.
Martin- Just a quick question or two- How do Palms and Older Laptops deal
with LEAP?
On 10/18/05 10:37 AM, "Flagg, Martin D." <[log in to unmask]> wrote:
> We are running PEAP/Leap using Cisco ACS although any Radius server
> would work. Once they have there PEAP/LEAP session we require CCA
> certification. I have been playing with the idea of dropping all
> encryption and only using CCA. I am thinking about doing this to make
> the wireless more user-friendly and eliminate the double authentication
> requirements. All our wireless is in one subnet, Faculty/Staff have an
> Attribute in Active Directory (synced with ACS) that makes CCA place
> Faculty/staff under a different CCA policy set. We also broadcast SIDS.
> We have about AP in the Dorms with the defined goal of covering common
> areas but we cover about 90+% of the rooms.
>
> Maybe I have opened my self up for the Critics but this has worked so
> far for us.
>
> Martin D. Flagg
> Network/Email Administrator
>
>
> -----Original Message-----
> From: Perfigo SecureSmart and CleanMachines Discussion List
> [mailto:[log in to unmask]] On Behalf Of Duguay, Gerard
> Sent: Tuesday, October 18, 2005 10:17 AM
> To: [log in to unmask]
> Subject: Re: Wired+Wireless+CCA = unhappy
>
> The best we've come up with has been to have them remove CCA from
> startup, and manually do the one-interface-at-a-time approach. As noted,
> not ideal.
>
> If any of you are running CCA and not the old Perfigo, I'd be very
> interested in knowing how are you managing wireless authentication and
> encryption services apart from a proprietary Cisco solution.
>
> - Gerard Duguay
> Seattle Pacific University
>
> -----Original Message-----
> From: Perfigo SecureSmart and CleanMachines Discussion List
> [mailto:[log in to unmask]] On Behalf Of Flagg, Martin D.
> Sent: Tuesday, October 18, 2005 1:32 AM
> To: [log in to unmask]
> Subject: Re: Wired+Wireless+CCA = unhappy
>
> I brought this up back when it was Perfigo and the engineers told me
> that it would be a major design change to fix this.
>
> Martin D. Flagg
> Network/Email Administrator
>
> Hiram College
>
> -----Original Message-----
> From: Perfigo SecureSmart and CleanMachines Discussion List
> [mailto:[log in to unmask]] On Behalf Of Eric Weakland
> Sent: Monday, October 17, 2005 3:47 PM
> To: [log in to unmask]
> Subject: Wired+Wireless+CCA = unhappy
>
> All,
>
> First of all - I love this list and don't think our implementation would
>
> have gone nearly as well without it. Kudos to you all.
>
> Second - what have you all done to avoid having the CCA login box
> repeatedly pop up on users who are connected to both wired and wireless
> connections? Is there any way to prevent this at a system level rather
> than teaching 3000+ students how to only have one interface active at a
> time?
>
> Cheers,
>
> Eric Weakland, CISSP
> Director, Network Security
> Office of Information Technology (IT)
> American University
> [log in to unmask]
> 202.885.2241
-------------
Bradley W. Kramer
Network/Telecom Intern.
Ashland University
(419) 289-5630
[log in to unmask]
|