LISTSERV - CLEANACCESS Archives - LISTSERV.MIAMIOH.EDU

CLEANACCESS Archives

October 2005

CLEANACCESS@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	CLEANACCESS Home
	CLEANACCESS October 2005

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Wired+Wireless+CCA = unhappy
From:	"Flagg, Martin D." <[log in to unmask]>
Reply To:	Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
Date:	Tue, 18 Oct 2005 10:37:01 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (79 lines)

We are running PEAP/Leap using Cisco ACS although any Radius server
would work.  Once they have there PEAP/LEAP session we require CCA
certification.  I have been playing with the idea of dropping all
encryption and only using CCA.  I am thinking about doing this to make
the wireless more user-friendly and eliminate the double authentication
requirements.  All our wireless is in one subnet, Faculty/Staff have an
Attribute in Active Directory (synced with ACS) that makes CCA place
Faculty/staff under a different CCA policy set.  We also broadcast SIDS.
We have about AP in the Dorms with the defined goal of covering common
areas but we cover about 90+% of the rooms.

Maybe I have opened my self up for the Critics but this has worked so
far for us.

Martin D. Flagg
Network/Email Administrator


-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of Duguay, Gerard
Sent: Tuesday, October 18, 2005 10:17 AM
To: [log in to unmask]
Subject: Re: Wired+Wireless+CCA = unhappy

The best we've come up with has been to have them remove CCA from
startup, and manually do the one-interface-at-a-time approach. As noted,
not ideal. 

If any of you are running CCA and not the old Perfigo, I'd be very
interested in knowing how are you managing wireless authentication and
encryption services apart from a proprietary Cisco solution.

- Gerard Duguay
Seattle Pacific University 

-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of Flagg, Martin D.
Sent: Tuesday, October 18, 2005 1:32 AM
To: [log in to unmask]
Subject: Re: Wired+Wireless+CCA = unhappy

I brought this up back when it was Perfigo and the engineers told me
that it would be a major design change to fix this.

Martin D. Flagg
Network/Email Administrator

Hiram College

-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of Eric Weakland
Sent: Monday, October 17, 2005 3:47 PM
To: [log in to unmask]
Subject: Wired+Wireless+CCA = unhappy

All,

First of all - I love this list and don't think our implementation would

have gone nearly as well without it.  Kudos to you all.

Second - what have you all done to avoid having the CCA login box
repeatedly pop up on users who are connected to both wired and wireless
connections?  Is there any way to prevent this at a system level rather
than teaching 3000+ students how to only have one interface active at a
time?

Cheers,

Eric Weakland, CISSP
Director, Network Security
Office of Information Technology (IT)
American University
[log in to unmask]
202.885.2241

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU