(RADIATOR) Experience with 802.1X and TLS

Denis Pavani d.pavani at cineca.it
Tue Oct 25 01:24:21 CDT 2005


Hi Christian.
In our organization I tried to use 802.1X and TLS for WiFi (about 100 
clients), something not mission-critical as the wired network.
It works but certificate managing made this attempt fail: certificates 
tend to expire in large numbers in the same day or two and people often 
don't know when their certificate expires or even what is a certificate.
They only know something is not working.
Renewal and revocation must be quick in such an infrastructure.
If your customer's user are "smart" and certificate managing is not a 
problem I see no drawbacks.

Christian Kratzer wrote:

> Hi,
> 
> we have a potential customer who wants to deploy sitewide
> 802.1x authentication for lan access using TLS and certificates
> for authentication.
> 
> The intention is that the IT department issues and installs individual 
> certificates to each workstation so that only officially supported
> clients can connect to the network.
> 
> Special measures will of course have to be taken for non 802.1x capable
> devices like printers etc... on the network.
> 
> The client is about to start the project but would like to hear
> experiences from other people with daily operations of similar setups.
> They are planning to deploy on several thousand clients and are looking
> for general experiences in similar projects.
> 
> Any comments from anyone ?
> 
> Greetings
> Christian
> 

-- 
************************************************************************
Denis Pavani

CINECA    -    Comunicazioni e Sistemi Distribuiti
NOC - Network Operations Center

phone:+39 0516171953 / fax:+39 0516132198
http://www.cineca.it
************************************************************************
  "Siamo pagati per adattarci, improvvisare e raggiungere lo scopo"
   -- Gunny Highway

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list