On Mon, May 05, 2014 at 10:39:09AM -0400, David Blahut wrote:
> I am curious as to what if anything other colleges are doing for wired
> network MAC address registration. Our current system is up for support
> renewal and hardware refresh and I am having a hard time justifying the
> My specific questions are the following:
> What systems are others using?
CMU NetReg with FreeRADIUS.
> Has anyone successfully migrated to 802.1X on wired (Cisco) using free
No reason it shouldn't work with Cisco, but we are using Juniper.
> Given that nearly all access is via wireless, anyone doing nothing on wired
No, we apply the same RADIUS policies to wired & wireless. We are
using MAC-RADUIS, which means the authentication is by MAC address,
not username/password. This works well enough for us and doesn't
require 802.1X supplicants on every wired device since the switch acts
as the supplicant using the learned MAC address.
We may introduce full 802.1X username/password auth at some point if
policy/regulatory needs dictates this for access to secure networks.
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.