John Hodrien wrote:
On Thu, 22 Feb 2018, hw wrote:
That seems neither useful, nor feasible for customers wanting to use the wireless network we would set up for them with their cell phones. Are cell phones even capable of this kind of authentication?
Yes, entirely capable. WPA2-Enterprise isn't some freakish and unusual solution.
Ok, so it would at least be possible.
I configure wireless once on my device (phone/tablet/laptop) and then can travel to institutions all round the world and use their networks seamlessly. How useless and infeasible indeed.
Well, this country is almost the worst of all countries around the world when it comes to internet access. Though they list a few locations here where you supposedly could use their service, I wouldn't expect anything. Then there's the question of protecting your privacy. For example, how much do they pay you for allowing them to keep track of your travels?
In any case, it wouldn't do our customers any good because there aren't places all over the world where they could use our network.
Anyway, there are some clients that can probably authenticate, which leaves the ones that use PXE boot. I tried things out with a switch, and it would basically work. If it makes sense to go any further with this and how now needs to be determined ...
A client that can't authenticate gets the network it's provided with by being unauthenticated. If an unauthenticated client can't have any network access, that's what they get. Presumably you could drop an unauthenticated machine into a different VLAN.
That would be a problem because clients using PXE-boot require network access, and it wouldn't contribute to security if unauthorized clients were allowed to PXE-boot.