CLEANACCESS Archives

October 2005

CLEANACCESS@LISTSERV.MIAMIOH.EDU

From: "Flagg, Martin D." <[log in to unmask]>
Reply To: Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
Date: Tue, 18 Oct 2005 11:04:33 -0400

We have iPaqs that we configure with LEAP; I am not sure about the
Palms.

Windows XP supports PEAP out of the box, so if the laptop can run XP then
they are golden.  If not, several manufacturers, including Cisco, sold cards
that supported LEAP.  The current Linksys cards we carry in our
bookstore support PEAP/LEAP and I think Windows 98.  We do not see much
Windows 95/98/2000 anymore.  We have also seen that it is the freshmen
primarily using wireless because they were told by the recruiters that
wireless is available, so we have seen a huge increase in laptops with
our freshman class.

I had an interesting conversation with one of our helpdesk seniors; he
thought that the whole wireless thing was stupid (and he is a techie).
The freshmen, however, expect it!

Martin D. Flagg
Network/Email Administrator

Hiram College



-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of Brad Kramer
Sent: Tuesday, October 18, 2005 10:51 AM
To: [log in to unmask]
Subject: Re: Wired+Wireless+CCA = unhappy

We are running Shared WEP 128-bit for our Faculty/Staff computers (owned
by the university) and no encryption on a broadcast SSID for
students/others. On the WEP side, no Clean Access is required for systems,
as they are on a NAC-controlled VLAN, and on the student side, we are
using Clean Access...

We are looking at some of the PEAP/LEAP stuff, and honestly at this
point I wouldn't mind everyone having a double login for more security.

Martin - just a quick question or two: how do Palms and older laptops
deal with LEAP?


On 10/18/05 10:37 AM, "Flagg, Martin D." <[log in to unmask]> wrote:

> We are running PEAP/LEAP using Cisco ACS, although any RADIUS server
> would work.  Once they have their PEAP/LEAP session we require CCA
> certification.  I have been playing with the idea of dropping all
> encryption and only using CCA.  I am thinking about doing this to make
> the wireless more user-friendly and eliminate the double authentication
> requirements.  All our wireless is in one subnet; Faculty/Staff have an
> attribute in Active Directory (synced with ACS) that makes CCA place
> Faculty/Staff under a different CCA policy set.  We also broadcast SSIDs.
> We have about AP in the Dorms with the defined goal of covering common
> areas but we cover about 90+% of the rooms.
> 
> Maybe I have opened myself up for the critics but this has worked so
> far for us.
> 
> Martin D. Flagg
> Network/Email Administrator
> 
> 
> -----Original Message-----
> From: Perfigo SecureSmart and CleanMachines Discussion List
> [mailto:[log in to unmask]] On Behalf Of Duguay, Gerard
> Sent: Tuesday, October 18, 2005 10:17 AM
> To: [log in to unmask]
> Subject: Re: Wired+Wireless+CCA = unhappy
> 
> The best we've come up with has been to have them remove CCA from
> startup, and manually do the one-interface-at-a-time approach. As noted,
> not ideal.
> 
> If any of you are running CCA and not the old Perfigo, I'd be very
> interested in knowing how are you managing wireless authentication and
> encryption services apart from a proprietary Cisco solution.
> 
> - Gerard Duguay
> Seattle Pacific University
> 
> -----Original Message-----
> From: Perfigo SecureSmart and CleanMachines Discussion List
> [mailto:[log in to unmask]] On Behalf Of Flagg, Martin D.
> Sent: Tuesday, October 18, 2005 1:32 AM
> To: [log in to unmask]
> Subject: Re: Wired+Wireless+CCA = unhappy
> 
> I brought this up back when it was Perfigo and the engineers told me
> that it would be a major design change to fix this.
> 
> Martin D. Flagg
> Network/Email Administrator
> 
> Hiram College
> 
> -----Original Message-----
> From: Perfigo SecureSmart and CleanMachines Discussion List
> [mailto:[log in to unmask]] On Behalf Of Eric Weakland
> Sent: Monday, October 17, 2005 3:47 PM
> To: [log in to unmask]
> Subject: Wired+Wireless+CCA = unhappy
> 
> All,
> 
> First of all - I love this list and don't think our implementation would
> have gone nearly as well without it.  Kudos to you all.
> 
> Second - what have you all done to avoid having the CCA login box
> repeatedly pop up on users who are connected to both wired and wireless
> connections?  Is there any way to prevent this at a system level rather
> than teaching 3000+ students how to only have one interface active at a
> time?
> 
> Cheers,
> 
> Eric Weakland, CISSP
> Director, Network Security
> Office of Information Technology (IT)
> American University
> [log in to unmask]
> 202.885.2241

-------------
Bradley W. Kramer
Network/Telecom Intern.
Ashland University
(419) 289-5630
[log in to unmask]
