Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Technology

Are You Using 802.1X? 239

Posted by Cliff from the solving-the-problems-of-802.11 dept.
WirelessMan asks "I work for a certain university in the US, and our IT department has just deployed IEEE 802.1x authentication for our wireless network. One of the benefits is that all users' sessions are encrypted using tumbling WEP keys. One of the (major) drawbacks is the 'newness' of 1x. As far as I can tell (Google, etc) there aren't a whole lot of places out there who have taken the plunge. Google it, or check out this brief description. Does the Slashdot community have any experience with 1x?"

"Here's our story: we're using Windows 2003 servers (for IAS) and PEAP/MSCHAPv2. We're not offering support for Windows clients prior to 2000 (even though clients do exist for 98/ME,etc). Windows 2000 supposedly has builtin support after SP3, but on June 10, Microsoft released a WEP patch that breaks 1x! (At least for our implementation...) Windows XP SP1 works in most cases, but certain onboard-wireless chipsets (Intel) don't work, regardless of OS. I heard that staff struggled with and finally successfully installed a 3rd party client for RedHat 9, and I'm told there's also a client for Mac OS 10.2.

As far as I can tell, the network guys did their homework--I promise--but this deployment is beginning to look like a disaster! Do you have any wisdom to share about how to pull victory from the clutches of shameful defeat? I realize my question is rather broad and vague ... but I'm really interested to see what discussion comes up. Thanks!"
This discussion has been archived. No new comments can be posted.

Are You Using 802.1X? More

Are You Using 802.1X?

Comments Filter:

  • Universities and such (Score:3, Insightful)

    by mrpuffypants ( 444598 ) * <mrpuffypants@gmailTIGER.com minus cat> on Wednesday July 02, 2003 @10:00PM (#6355228)
    Personally I doubt why you would go with a system that makes you scrounge for clients on different OS's just to implement at a university. In the corporate workd you have the luxury of saying "If you want to use out network you will use "n" hardware and nothing else."

    At the university level you have people using about 300 different configurations and OS's. If seems like you are making if just that more difficult for those users that get use out of the network that they pay for through their tuition.

  • Re:IPSec (Score:3, Insightful)

    by Zebra_X ( 13249 ) on Wednesday July 02, 2003 @10:56PM (#6355488)
    right now IPSec should be the solution. Given what the question asker just posted it's pretty clear that 802.1x is "half baked" as far as a standard goes. IPSec howerver has been out for a while and it's evils are pretty well known. Certainly not easy to setup but as far as ubiquity goes, it's available on almost every platform. In addition - IPSec enhances not only the security of your wireless connections, it also enhances the security of the wired network. With a good certificate distribution infrastructure and a knowledgeable support staff IPSec is a viable alternative.

Slashdot Top Deals

The Tao is like a glob pattern: used but never used up. It is like the extern void: filled with infinite possibilities.

Close