08-04-2014 03:05 PM
We've recently installed a ClearPass system on a college campus and are set up to do dot1x authentication for students.
But we're receiving a lot of negative feedback about the complexity of configuring Windows clients.
Is there an easy (or easier) way to do this? What are other schools doing?
08-04-2014 03:12 PM
You could use EAP-TLS with ClearPass Onboard or QuickConnect to help provision your wireless devices.
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
08-04-2014 03:35 PM
Currently I'm running EAP-PEAP and authenticating via AD.
The user's group membership (staff vs. student) and type of device (AD member / non-AD member) determines what VLAN and profile they get.
Can QuickConnect be used in this environment? How would it work from the user's standpoint?
08-04-2014 05:42 PM - edited 08-04-2014 05:47 PM
The "issue" with Windows 7 and earlier is that it tries to machine authenticate first, which is actually normal behavior in a corporate-owned device environment. It also attempts to use Windows credentials by default. The other piece is that the server certificate dialog box is not well worded, so people often click Terminate instead of Connect.
In Win 8, user authentication is attempted first and the "use Windows account" option is not enabled by default. They've also cleaned up the server verification box to make it clear to the end user.
It sounds like QuickConnect would be perfect for your environment. Onboard is overkill for students in a university environment but is perfect for faculty/staff personal devices.
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
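
As an added example that is not part of the original thread: a small Python check that audits an exported Windows WLAN profile for the three behaviours described above (machine authentication attempted, Windows logon credentials reused, and no server identity preconfigured so the user must answer the certificate dialog). The sample profile, its SSID name and the function names are constructed for illustration, and the XML is trimmed to the elements being checked.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed sample in the shape of a `netsh wlan export profile`
# file for PEAP-MSCHAPv2; the SSID name and all values are made up.
SAMPLE_PROFILE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
 <name>campus-secure</name>
 <MSM><security>
  <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
   <authMode>machineOrUser</authMode>
   <EAPConfig>
    <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
     <ServerValidation>
      <DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation>
      <ServerNames></ServerNames>
     </ServerValidation>
     <EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1">
      <UseWinLogonCredentials>true</UseWinLogonCredentials>
     </EapType>
    </EapType>
   </EAPConfig>
  </OneX>
 </security></MSM>
</WLANProfile>"""

def _first_text(root, name):
    """Text of the first element with this local name, ignoring namespaces."""
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] == name:
            return (el.text or "").strip()
    return None

def audit_profile(xml_text):
    """Return (code, message) findings for the behaviours the thread describes."""
    root = ET.fromstring(xml_text)
    findings = []
    mode = _first_text(root, "authMode")
    if mode != "user":
        findings.append(("AUTH_MODE", f"authMode is {mode!r}, not 'user'"))
    if _first_text(root, "UseWinLogonCredentials") == "true":
        findings.append(("WINLOGON_CREDS", "Windows logon credentials are sent automatically"))
    if not _first_text(root, "ServerNames") or not _first_text(root, "TrustedRootCA"):
        findings.append(("SERVER_TRUST", "no server name / trusted root set; user decides in the dialog"))
    return findings

if __name__ == "__main__":
    for code, message in audit_profile(SAMPLE_PROFILE):
        print(f"{code}: {message}")
```
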