(RADIATOR) Experience with 802.1X and TLS
Denis Pavani
d.pavani at cineca.it
Tue Oct 25 01:24:21 CDT 2005
Hi Christian.
In our organization I tried to use 802.1X and TLS for WiFi (about 100
clients), something not mission-critical as the wired network.
It works but certificate managing made this attempt fail: certificates
tend to expire in large numbers in the same day or two and people often
don't know when their certificate expires or even what is a certificate.
They only know something is not working.
Renewal and revocation must be quick in such an infrastructure.
If your customer's user are "smart" and certificate managing is not a
problem I see no drawbacks.
Christian Kratzer wrote:
> Hi,
>
> we have a potential customer who wants to deploy sitewide
> 802.1x authentication for lan access using TLS and certificates
> for authentication.
>
> The intention is that the IT department issues and installs individual
> certificates to each workstation so that only officially supported
> clients can connect to the network.
>
> Special measures will of course have to be taken for non 802.1x capable
> devices like printers etc... on the network.
>
> The client is about to start the project but would like to hear
> experiences from other people with daily operations of similar setups.
> They are planning to deploy on several thousand clients and are looking
> for general experiences in similar projects.
>
> Any comments from anyone ?
>
> Greetings
> Christian
>
--
************************************************************************
Denis Pavani
CINECA - Comunicazioni e Sistemi Distribuiti
NOC - Network Operations Center
phone:+39 0516171953 / fax:+39 0516132198
http://www.cineca.it
************************************************************************
"Siamo pagati per adattarci, improvvisare e raggiungere lo scopo"
-- Gunny Highway
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list