Apologies for unintentional thread hijack and using the Wireless-Admin site. Thought I was most likely to get a response from the eduroam and radius experts on this thread. Do you enforce 802.1x authentication everywhere on the wired LAN and what radius server do you use ?
Were there huge objections from users and colleges to securing the network ports?
Niamh Hull
Network Diagnostics Analyst
( Mon.,Wed. and Fri.)
Exeter IT - Academic Services
University of Exeter, Laver Building #57; North Park Road, Exeter EX4 4QE
01392 72(5483)
The University of Exeter - Times Higher University of the Year 2007-08
This email and any attachment may contain information that is confidential, privileged, or subject to copyright, and which may be exempt from disclosure under applicable legislation. It is intended for the addressee only. If you received this message in error, please let me know and delete the email and any attachments immediately. The University will not accept responsibility for the accuracy/completeness of this e-mail and its attachments. The University cannot guarantee that this message and any attachments are virus free. Any views or opinions expressed in this message are my own and do not necessarily represent those of the University.
-----Original Message-----
From: Wireless Issues in the JANET community [mailto:[log in to unmask]] On Behalf Of alan buxey
Sent: 15 June 2012 15:31
To: [log in to unmask]
Subject: Wired eduroam and NAC (was: Mixing Aruba and Cisco)
Hi,
> Any institutions out there running eduroam on the wired network as well as
> the wireless and if you are - do you deploy NAC everywhere on the LAN or
> just designated public access areas ?
...this is the WIRELESS admin list...but still. we run 802.1X on wired
and therefore can cater for eduroam on wired network - which we run
and deal with like the wireless eduroam network. ie if we know you
as a labs PC you go on labs network, if staff then staff network (if
we allow that socket or user to be connected to that particular port)
and students to student network (once again, if they are allowed to
use the network from that facility)
have broken the thread and retitled since this was a thread hijack
alan
|