JiscMail Logo
Email discussion lists for the UK Education and Research communities

Help for WIRELESS-ADMIN Archives


WIRELESS-ADMIN Archives

WIRELESS-ADMIN Archives


WIRELESS-ADMIN@JISCMAIL.AC.UK


View:

Message:

[

First

|

Previous

|

Next

|

Last

]

By Topic:

[

First

|

Previous

|

Next

|

Last

]

By Author:

[

First

|

Previous

|

Next

|

Last

]

Font:

Proportional Font

LISTSERV Archives

LISTSERV Archives

WIRELESS-ADMIN Home

WIRELESS-ADMIN Home

WIRELESS-ADMIN  2006

WIRELESS-ADMIN 2006

Options

Subscribe or Unsubscribe

Subscribe or Unsubscribe

Log In

Log In

Get Password

Get Password

Subject:

Re: 802.1x, which way to go?

From:

Josh Howlett <[log in to unmask]>

Reply-To:

Wireless Issues in the JANET community <[log in to unmask]>

Date:

Tue, 17 Jan 2006 13:59:01 +0000

Content-Type:

text/plain

Parts/Attachments:

Parts/Attachments

text/plain (71 lines)

Hi Jezz,

Palmer J.D.F. wrote:

> Anyway, the $64000 question is which EAP method is the best to use? 
>
> Which is the strongest EAP?

EAPs TLS, TTLS and PEAP are essentially equivalent. There's not much to 
pick between them from this PoV.

> Which is the best supported EAP?

Pretty much all common supplicants support TLS, TTLS and PEAP. The odd 
man out is the native Windows' supplicant, which only does TLS and PEAP.

Another consideration, if you're a Windows shop, is that IAS only does 
TLS and PEAP.

> Do you want Credential or Certificate based authentication?

All of the "strong" EAP methods (TLS, PEAP, TTLS) use certificates, 
although TTLS and PEAP only need them for proving the server's identity 
whereas TLS requires user certificates as well, which means that in HEFE 
environments it's not commonly used!

> Personally I'm tending to favour EAP-PEAP(MSCHAPv2) at the minute as 
> it's reasonably strong, widely supported and is based on user/machine 
> credentials rather than a certificate; yet has the option of using a 
> root cert to verify the auth server.
 >
>  
> 
> The question is, is there anything better?

It depends on your environment mainly. Most decent RADIUS servers 
support a range of EAP types, so there's nothing to stop you using PEAP 
for Windows boxes and TTLS for Macs, for example.

> Can you EAP-TTLS/EAP-PEAP for example? If so can it be supported by any 
> clients?

Certainly, if your server and supplicants supports the methods. Examples 
of supplicants that could do this include wpa_supplicant, Meetinghouse 
and Funk Oddyssey.

>  
> 
> We are aware that wpa_supplicant will do just about anything, but what 
> about the Longhorn/Vista client?  How capable will that going to be?

I'll lay money on it not doing TTLS, unfortunately.

> Ideally whatever EAP method we choose to use on the network should be 
> supported by Longhorn.

Safest to go with PEAP, then.

> Are there any documents anywhere that compare and contrast the abilities 
> of the XP client to the proposed Vista/Longhorn client?

Not that I'm aware of. In fact, I've had difficulty finding any 
information about the Vista/Longhorn supplicant. If anyone has any, I 
would greatly appreciate a pointer!

> Will the Vista client support multiple encryption methods on a single 
> SSID; or non broadcast SSIDs?

Again, I have no information.

best regards, josh.

Top of Message | Previous Page | Permalink

JISCMail Tools


RSS Feeds and Sharing


Advanced Options


Archives

April 2014
March 2014
February 2014
January 2014
December 2013
November 2013
October 2013
September 2013
August 2013
June 2013
May 2013
April 2013
March 2013
February 2013
January 2013
December 2012
November 2012
October 2012
September 2012
August 2012
July 2012
June 2012
May 2012
April 2012
March 2012
February 2012
January 2012
December 2011
November 2011
October 2011
September 2011
August 2011
July 2011
June 2011
May 2011
March 2011
February 2011
January 2011
December 2010
November 2010
October 2010
September 2010
August 2010
July 2010
June 2010
May 2010
April 2010
March 2010
February 2010
January 2010
December 2009
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
2006
2005
2004
2003


WWW.JISCMAIL.AC.UK

Secured by F-Secure Anti-Virus CataList Email List Search Powered by the LISTSERV Email List Manager