Date: Tue, 18 Oct 2005 10:37:01 -0400
We are running PEAP/LEAP using Cisco ACS, although any RADIUS server
would work. Once they have their PEAP/LEAP session we require CCA
certification. I have been playing with the idea of dropping all
encryption and only using CCA. I am thinking about doing this to make
the wireless more user-friendly and eliminate the double authentication
requirements. All our wireless is in one subnet. Faculty/Staff have an
attribute in Active Directory (synced with ACS) that makes CCA place
Faculty/Staff under a different CCA policy set. We also broadcast SSIDs.
We have about AP in the dorms with the defined goal of covering common
areas but we cover about 90+% of the rooms.
Maybe I have opened myself up for the critics but this has worked so
far for us.
Martin D. Flagg
Network/Email Administrator
-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of Duguay, Gerard
Sent: Tuesday, October 18, 2005 10:17 AM
To: [log in to unmask]
Subject: Re: Wired+Wireless+CCA = unhappy
The best we've come up with has been to have them remove CCA from
startup, and manually do the one-interface-at-a-time approach. As noted,
not ideal.
If any of you are running CCA and not the old Perfigo, I'd be very
interested in knowing how you are managing wireless authentication and
encryption services apart from a proprietary Cisco solution.
- Gerard Duguay
Seattle Pacific University
-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of Flagg, Martin D.
Sent: Tuesday, October 18, 2005 1:32 AM
To: [log in to unmask]
Subject: Re: Wired+Wireless+CCA = unhappy
I brought this up back when it was Perfigo and the engineers told me
that it would be a major design change to fix this.
Martin D. Flagg
Network/Email Administrator
Hiram College
-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of Eric Weakland
Sent: Monday, October 17, 2005 3:47 PM
To: [log in to unmask]
Subject: Wired+Wireless+CCA = unhappy
All,
First of all - I love this list and don't think our implementation would
have gone nearly as well without it. Kudos to you all.
Second - what have you all done to avoid having the CCA login box
repeatedly pop up on users who are connected to both wired and wireless
connections? Is there any way to prevent this at a system level rather
than teaching 3000+ students how to only have one interface active at a
time?
Cheers,
Eric Weakland, CISSP
Director, Network Security
Office of Information Technology (IT)
American University
202.885.2241