>We already had plans in place for that (we have many such devices, especially those that do not belong to the organization). And the vendors who could not be bothered to implement suport for WPA2/Enterprise, we just don't buy from them.
Yeah, tell that to execs with their shiny new toys.
Besides, once you implement the parallel infrastructure that actually works _better_ than your secured-down-to-the-wire IPSec network, people start asking: "Why have we even bothered with this ipsec crap?"
So that's why middlebox vendors make a killing selling various DPI tools to organizations. Sure, they violate all the possible RFCs and all the notions of protocol layering. But at the same time they actually work in RealLife(tm).