The key problem is Android users. For Android users to onboard to our Wi-Fi they must manually select EAP methods in their Wi-Fi settings. If they accidentally select "Do not validate" on the CA certificate option then they can expose their credentials to a MITM attack, and if they mess up the Inner Phase Authentication option then they do not have Wi-Fi. Apple devices are also a problem, as users are forced to manually 'Trust' our RADIUS certificate and many are rightfully afraid to tap the big red 'Trust' button without understanding what it does. We want to automate everything so the students do not need to understand EAP and RADIUS in order to get on the Wi-Fi. Re: segmentation, yes, the Wi-Fi is segmented from the rest of the network.
... View more
