You're a little bit confused about how 802.1x ties into everything...
a) 802.1x was designed for port based access, not wireless. It was adapted for wireless. The keying method is WEP. The encryption tunnel for authentication happens VERY quickly. very little overhead.
b) 802.1x allows you to know WHO is on your network. Do you really want to have an open wide public network that some terrorist could potentially get on to talk to his buddies anonymously... not me...;)
c) Once again... the encryption for the authentication happens very quickly. We're talking miniscule amounts of time. The keying on the card is WEP, but the keys can be per-user, and can rotate at a specified interval. If you're using WEP at all your keys should be rotating no less than every 10 minutes, otherwise it would be very easy to crack.
d) 802.1x *IS* using SSL for its encryption... besides the fact that that portion only happens for authentication... as I said before WEP is used on the cards.
802.11i will provide per-packet keying, which is when you should really start to worry about the overhead...
University of Utah - 802.1x Campus Standard
on
Are You Using 802.1X?
·
· Score: 5, Informative
Hi,
I work at the University of Utah. We're currently rolling out 802.1x.
My building has already rolled out 802.1x on about 36 access points. We've been running for over a month and a half.
We've got a lot of people interested in what we're doing. We're using a decentralized model that allows us to let various departments use their user accounts everywhere else on campus (that is using 802.1x).
The paper covers various issues. Keep in mind that the paper is not quite done yet, but it does have a lot of useful information.
We're officially supporting Mac OS X, Windows 98, Windows 2k, and Windows XP. We're not officially supporting Linux, but my boss and I are lead developers on the open1x project (http://open1x.sourceforge.net).
It has Linux and Mac OS X support. We support TTLS, TLS, PEAP (in CVS), MD5, and we're going to be implementing EAP_AKA pretty soon.
If you're interested in the specifics please check out some of our support pages:
The biggest problem has been support for various cards on Windows. The support link above lists the cards we've tested.
We're currently only supporting Airport on Mac OS X due to the lack of a public API from Apple. (Please let apple know that you want a public wireless API so we can support more cards...;)
We're using a campus site license of the Meetinghouse supplicant for Mac OS X, and Windows. We're using Radiator, a perl based (VERY NICE!) radius server. It's 802.1x implementation rocks.
802.1x is becoming the University of Utah campus standard. All future wireless purchases made with student task force moneys will be required to be 802.1x compatible.
Please let us know if you have any questions regarding our setup.
Slashdot Mirror
You're a little bit confused about how 802.1x ties into everything...
;)
a) 802.1x was designed for port based access, not wireless. It was adapted for wireless. The keying method is WEP. The encryption tunnel for authentication happens VERY quickly. very little overhead.
b) 802.1x allows you to know WHO is on your network. Do you really want to have an open wide public network that some terrorist could potentially get on to talk to his buddies anonymously... not me...
c) Once again... the encryption for the authentication happens very quickly. We're talking miniscule amounts of time. The keying on the card is WEP, but the keys can be per-user, and can rotate at a specified interval. If you're using WEP at all your keys should be rotating no less than every 10 minutes, otherwise it would be very easy to crack.
d) 802.1x *IS* using SSL for its encryption... besides the fact that that portion only happens for authentication... as I said before WEP is used on the cards.
802.11i will provide per-packet keying, which is when you should really start to worry about the overhead...
Hi,
s Whitepaper.pdf
e x.html
;)
I work at the University of Utah. We're currently rolling out 802.1x.
My building has already rolled out 802.1x on about 36 access points. We've been running for over a month and a half.
We've got a lot of people interested in what we're doing. We're using a decentralized model that allows us to let various departments use their user accounts everywhere else on campus (that is using 802.1x).
Check out our whitepaper for more information:
http://utahgeeks.sourceforge.net/projects/Wireles
The paper covers various issues. Keep in mind that the paper is not quite done yet, but it does have a lot of useful information.
We're officially supporting Mac OS X, Windows 98, Windows 2k, and Windows XP. We're not officially supporting Linux, but my boss and I are lead developers on the open1x project (http://open1x.sourceforge.net).
It has Linux and Mac OS X support. We support TTLS, TLS, PEAP (in CVS), MD5, and we're going to be implementing EAP_AKA pretty soon.
If you're interested in the specifics please check out some of our support pages:
http://www.laptop.lib.utah.edu/global/support/ind
The biggest problem has been support for various cards on Windows. The support link above lists the cards we've tested.
We're currently only supporting Airport on Mac OS X due to the lack of a public API from Apple. (Please let apple know that you want a public wireless API so we can support more cards...
We're using a campus site license of the Meetinghouse supplicant for Mac OS X, and Windows. We're using Radiator, a perl based (VERY NICE!) radius server. It's 802.1x implementation rocks.
More info on Radiator: http://www.open.com.au
802.1x is becoming the University of Utah campus standard. All future wireless purchases made with student task force moneys will be required to be 802.1x compatible.
Please let us know if you have any questions regarding our setup.