Re: WPA problem and eduroam

[Mohacsi Janos <mohacsi@xxxxxxx>]

On Wed, 3 Dec 2008, Tomasz Wolniewicz wrote:

> Miroslav Milinovic pisze:
> > Let me clarify myself on the Policy point.
> >
> > Policy says: "an encryption level SHOULD be WPA/TKIP or better". So
> > Policy is not a show stopper for providing WPA/AES only.
> Yes it does, but no university can run AES only without kicking off a
> significant number of users. And if we want to be guest-friendly then we
> should not disable TKIP on our eduroam SSID at least for quite some time.
> The fact that the policy allows us to run: dynamic WEP, WPA/TKIP,
> WPA2/AES is exactly the problem. With a single SSID we have no option
> but allow that, but this network will never work according to the
> scenario "start your device and be on-line". eduroam2 can bring us a lot
> closer to this, and what is more important, opens a path for achieving this.


I would change the order:
SSID eduroam1 with WPA/TKIP + WPA2/AES
SSID eduroam with WPA2/AES ony

I would keep eduroam1 for compatibility reason - if somebody has 
problem from WPA2/AES they can switch back to eduroam1 ....

Best Regards,
		Janos Mohacsi