Main Nav

Message from francis.matthews@gallaudet.edu

My network team have been given to do overall wireless network at Gallaudet. I have until start of fall semester to do the overall. Background - We were using old Cisco CCA to do device registration and Juniper UAC for wireless laptop. Also we purchase Great Bay software to do 802.1x mac authentication for wired network and plan to use that software to do wireless part. Who are your main wireless vendor? Do you have device registration? How do you do device registration? Do you use endpoint posture checking? What software do you use for endpoint posture checking? if you do not have one, why? What method do you use for 802.1x authentication? Any information that you share with me will be greatly appreciate. If you have links that explain your wireless environment, let me know. Thanks again -- ----------------------- Allen Matthews Network Engineer Gallaudet Unversity Technology Services Washington, DC ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Comments

Message from bosborne@liberty.edu

WIRELESS-LAN Digest - 29 Apr 2012 to 30 Apr 2012 (#2012-71)

Allen,

 

I apologize in advance for the long reply, but I believe we have a lot of useful experience to share from Liberty University.

 

We totally replaced our wireless network and the wireless portion of our NAC over Christmas break in 2008, so I feel your pain. You do not say the size of your network, but we were able to deploy over 400 APS during that time.

 

Before that change, we were using Cisco fat 802.11b/g APs and Cisco Clean Access for NAC on wired & wireless. In 2008, we moved to Aruba wireless and Bradford Campus Manager NAC after looking at the offerings back then.

 

This summer we are moving our wireless and wired network to 802.1X authentication using Aruba’s ClearPass product. Although this can be a NAC solution, (formerly Avenda eTIPS), we are not  using it in this way. ClearPass is our RADIUS server and also will let us register non-802.1X capable devices by mac address. We are using the syslog output of ClearPass to feed out Procera PacketLogic system, allowing us to manage the Internet bandwidth of our students by username. We found that Bradford’s NAC solution would not scale well  to the size of our environment. We now have over 1200 APs.

 

We believe that we can probably avoid having a NAC solution. For wireless, we will use Aruba’s flexible built-in firewall roles to restrict Student access to Staff areas. If that does not work as planned, our alternate plan is to use the ClearPass NAC solution.

 

We will initially use CloudPath XpressConnect to provision user machines for 802.1X and do a one-time posture assessment. We plan to eventually move that to Aruba’s ClearPass QuickConnect product.

 

We have Cisco as our partner for many things (wired network, VoIP phones, VM servers), but we are very pleased with Aruba Networks as our partner for wireless and NAC-related offerings. In fact, we would have the same sales team who is devoted to the Education customers in this area.

 

Here is a video about our deployment of IPTV on our wireless network. http://www.youtube.com/watch?v=ZGT8-JvHc0g

 

 

Please let me know how we can help further. you are welcome to come and visit in person if you wish.

 

 

Bruce Osborne

Network Engineer

IT Network Services

 

(434) 592-4229

 

LIBERTY UNIVERSITY

Training Champions for Christ since 1971

 

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.