AAA, NAC, Guest Access & BYOD

eap peap public in CPPM and its use case

by ‎04-15-2015 07:23 AM - edited ‎04-15-2015 07:23 AM
Q:

What is eap peap public in CPPM and what is the use case?

 



A:

Clearpass 6.4 supports Eap-peap-public , which apparently allows sharing a publicly known username/password as a login to a 8021x protected network. 

We have had a lot of financial and enterprise customers asking an easy way of setting up a secure guest access. They don't want to issue personal devices certificates so they asked to have a PEAP with a common username and password they could hand out and the guest could do a self reg just like a normal guest.

The EAP-PEAP-Public method is used for authenticating and providing a secured wireless guest access to the endpoints. To provide a secured wireless guest access, the Wi-Fi Protected Access (WPA) is provided for publicly known username and password. This ensures that every device gets a unique wireless session key that is used to encrypt the traffic and provide secured wireless access without intruding the privacy of others though the same username and password is shared to all devices

EAP-PEAP Public is specifically created to be used in High Capacity Guest mode to provide secure WiFi for guest users. In HCG mode we don’t allow normal PEAP method to be configured that can authenticate against any repository, as it can be used for enterprise class 802.1X.
 
The EAP-PEAP Public method can’t authenticate with any repository, it will only accept the configured public username/password.

Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.