[unisog] Encrypted wireless for students

Julian Y. Koh kohster at northwestern.edu
Wed Aug 22 19:52:50 GMT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There's a great EDUCAUSE mailing list (WIRELESS-LAN at LISTSERV.EDUCAUSE.EDU)
where all of your questions can be answered.  See
<http://www.educause.edu/WirelessLocalAreaNetworkingConstituentGroup/987> for
more info.

At 09:08 -0400 08/22/2007, John York wrote:
>Back in the WEP
>days we decided to go with a captive net connected to a VPN
>concentrator.  The wireless itself is wide open, but the only way to
>escape the captive net is by using a VPN client and the concentrator.
>This works pretty well, but means the students have to install the
>(Cisco) VPN client.

The Cisco concentrators and their successors (ASA) can also accept L2TP/IPSec
connections from clients without having to use the Cisco IPSec client.  The
older concentrators can also do PPTP, but that's a deprecated protocol.
That's how our first-gen wireless network is set up.

At 09:08 -0400 08/22/2007, John York wrote:
>WPA with PEAP would be most secure, but we've had
>terrible luck with Windows users getting it to work without a
>third-party client.

Really?  We're having no real issues with WPA2-Enterprise using EAP-PEAPv0
(MS-CHAPv2) with Windows, Mac OS X, and Linux clients.  That's what our
next-gen wireless network has been working for over a year now.

Once we transition from our fat APs to a controller-based model, enabling a
built-in captive portal to maintain compatibility with devices that can't do
802.1X authentication with WPA2-Enterprise will become much easier.


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.2 (Build 2014)
Comment: <http://bt.ittns.northwestern.edu/julian/pgppubkey.html>

wj8DBQFGzJQQDlQHnMkeAWMRAi34AJ4jC618sC3nTICLTXDNXXFzkdc5BwCgj130
RpkgFn5Uy/pgyyMKW0yW894=
=3kLE
-----END PGP SIGNATURE-----

-- 
Julian Y. Koh                         <mailto:kohster at northwestern.edu>
Network Engineer                                   <phone:847-467-5780>
Telecommunications and Network Services         Northwestern University
PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html>


More information about the unisog mailing list