John Hodrien wrote:
> On Thu, 22 Feb 2018, hw wrote:
>
>> That seems neither useful, nor feasible for customers wanting to use the
>> wireless network we would set up for them with their cell phones. Are cell
>> phones even capable of this kind of authentication?
>
> Yes, entirely capable. WPA2-Enterprise isn't some freakish and unusual
> solution.

Ok, so it would at least be possible.

> https://www.eduroam.org/
>
> I configure wireless once on my device (phone/tablet/laptop) and then can
> travel to institutions all round the world and use their networks seamlessly.
> How useless and infeasible indeed.

Well, this country is almost the worst of all countries around the world when it comes to internet access. Though they list a few locations here where you supposedly could use their service, I wouldn't expect anything.

Then there's the question of protecting your privacy. For example, how much do they pay you for allowing them to keep track of your travels?

In any case, it wouldn't do our customers any good because there aren't places all over the world where they could use our network.

>> Anyway, there are some clients that can probably authenticate, which leaves
>> the ones that use PXE boot. I tried things out with a switch, and it would
>> basically work. If it makes sense to go any further with this and how now
>> needs to be determined ...
>
> A client that can't authenticate gets the network it's provided with by being
> unauthenticated. If an unauthenticated client can't have any network access,
> that's what they get. Presumably you could drop an unauthenticated machine
> into a different VLAN.

That would be a problem because clients using PXE-boot require network access, and it wouldn't contribute to security if unauthorized clients were allowed to PXE-boot.