POLL: 802.1x deployment

I'm tech-reading an upcoming book, and it makes the implication that 802.1x
is not very widely deployed... which seems possibly an overly narrow view
of the Real World.

If you regularly use one or more 802.1x protected networks, could you take
a moment to reply off-list, and tell me the size of the network (homelab,
smb, enterprise, carrier), and, if you know, how long 802.1x has been deployed
there? I'm also interested in whether any network you use has dropped .1x.

I'll summarize to the list if there's interest. Thanks.

Cheers,
-- jra

Hi,

I'd suggest you ask the guys from the Enterasys mailing list. Sorry, couldn't resist ;)

Michael

P.S.: No, I don't have 802.1x enabled on LAN for my users sitting in their offices.

> If you regularly use one or more 802.1x protected networks, could you take
> a moment to reply off-list, and tell me the size of the network (homelab,
> smb, enterprise, carrier), and, if you know, how long 802.1x has been deployed
> there?

Surely you are joking, Mr. Ashworth.

The entirety of eduroam is on 802.1X (better known as WPA Enterprise).
That must be an 8-digit number of users.
If you need a list of sites, start with eduroam - Wikipedia
(but, aside from the US, it mostly lists just the countries).
When you are done drilling down, there should be about 6500 names of sites on the list.

If you are talking about wired .1X: It is relatively common for eduroam-enabled
institutions to also provide publicly accessible wired ports controlled by .1X
and connected to the same RADIUS servers. But I don't have any numbers at all.

> I'm also interested in whether any network you use has dropped .1x.

eduroam deployment started in 2003.
Your university academic computing environment would need to be pretty stupid to leave eduroam once it is deployed.
But stranger things have happened.
If your academic computing environment is not yet on eduroam, they still almost certainly use .1X for the wireless.
Not all 100+ million students worldwide have access to on-campus WiFi, but nowadays most do.

Grüße, Carsten

> Surely you are joking, Mr. Ashworth.
> The entirety of eduroam is on 802.1X (better known as WPA Enterprise).

ding ding ding. WPA Ent wireless authentication calls upon 802.1X.

And 802.1X wired port security is also a feature of many switches,
and provides stronger protection than MAC-address based port security
functionality; and 802.1x option may be used by at least some
organizations, to protect against unauthorized connections to secure
wired networks, and/or to force guests / salespeople / vendors
plugging in their laptop, to be placed in a guest LAN; instead of
gaining access to the company's secure internal network, if they
sneak over to someone's desk, unplug the desktop, and plug in their
laptop to attempt some covert network scanning.....

Wired switch vendors don't add 802.1X to their switches for their
health, it would be less expensive to make a product without the
development effort to add the function; someone wants the feature.

In this case, the remaining burden of proof should be on whomever
wants to claim it's not widely deployed.

> eduroam - Wikipedia
> (but, aside from the US, it mostly lists just the countries).
> When you are done drilling down, there should be about 6500 names of sites
> on the list.

> eduroam deployment started in 2003.

Eduroam? What standard is that?

However, that would be more a confederation of deployments than
one single large deployment.

> The entirety of eduroam is on 802.1X (better known as WPA Enterprise).
> That must be an 8-digit number of users.
> If you need a list of sites, start with eduroam - Wikipedia

> However, that would be more a confederation of deployments than
> one single large deployment.

But each participating institution (more than 5000 universities and research centres) deployed 802.1x in their premises. Big bonus that they work together seamlessly (inter organisation roaming and 802.1x usage).

Have a look at the official homepage of eduroam:
http://www.eduroam.org/

   Best Regards,
       Janos Mohacsi

That is quite impressive that 5,000 orgs got 802.1x working correctly
in this fashion.
I had a lot of questions about how they handled auth, but it appears auth is
distributed according to a roaming user's realm/domain suffix.

https://confluence.terena.org/display/H2eduroam/How+to+deploy+eduroam+on-site+or+on+campus

Fairly decent wiki on their site, bet others would find this helpful
for non-eduroam dot1x
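
The realm-suffix routing mentioned in the message above, sketched as an added example that is not part of the original thread or of eduroam's own code. It goes slightly beyond the message by showing label-aligned longest-suffix matching and rejection of malformed realms; the realm names, server names and the two-label minimum are assumptions made for illustration.

```python
import re

# Hostname-style realm: dot-separated labels, at least two, none empty.
# (The two-label minimum is an assumption of this example.)
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_REALM_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})+$")

# Constructed next-hop table as seen from a hypothetical proxy.
# Keys are realm suffixes; values are placeholder server names.
NEXT_HOP = {
    "uni-a.example": "radius.uni-a.example",
    "uni-b.example": "radius.uni-b.example",
}
UPSTREAM = "upstream-proxy"   # placeholder: where unknown realms are sent
REJECT = "reject"             # malformed identities are never forwarded


def extract_realm(identity):
    """Return the lower-cased realm of a user@realm identity, or None."""
    _user, sep, realm = identity.rpartition("@")
    realm = realm.lower()
    if not sep or not _REALM_RE.match(realm):
        return None
    return realm


def route(identity, table=NEXT_HOP, default=UPSTREAM):
    """Pick the next hop for an outer identity by its realm suffix."""
    realm = extract_realm(identity)
    if realm is None:
        return REJECT
    labels = realm.split(".")
    # Try the full realm first, then drop leading labels one at a time:
    # the longest suffix wins and a match always sits on a label boundary,
    # so "notuni-a.example" can never be treated as "uni-a.example".
    for i in range(len(labels)):
        hop = table.get(".".join(labels[i:]))
        if hop:
            return hop
    return default


if __name__ == "__main__":
    for ident in ("anonymous@uni-a.example", "alice@cs.uni-a.example",
                  "eve@UNI-B.EXAMPLE", "bob@notuni-a.example",
                  "carol", "dave@uni-a.example."):
        print(f"{ident!r:32} -> {route(ident)}")
```
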

I've (re)sent this to the list as no-one else has noted it <g>

Possibly a game-changer in the (academic) 802.1x space ...
   http://www.project-moonshot.org/diary
   http://www.painless-security.com/blog/

I did see that come in, and was going to look into it more deeply tonight;
if it is -- as it appears to be -- a framework for globally federated
identification/authentication, then it will probably hit the same walls
(of theory, not merely implementation) which other earlier attempts
have hit: privacy and non-correlation being prime among them.

It's orthogonal to 802.1x, though, unless anyone's shipping code to hook
a dot1x server to it as you would, say, a Radius server. :)

Cheers,
-- jra