Q: What is eap peap public in CPPM and what is the use case?
A: Clearpass 6.4 supports Eap-peap-public , which apparently allows sharing a publicly known username/password as a login to a 8021x protected network.
We have had a lot of financial and enterprise customers asking an easy way of setting up a secure guest access. They don't want to issue personal devices certificates so they asked to have a PEAP with a common username and password they could hand out and the guest could do a self reg just like a normal guest.
The EAP-PEAP-Public method is used for authenticating and providing a secured wireless guest access to the endpoints. To provide a secured wireless guest access, the Wi-Fi Protected Access (WPA) is provided for publicly known username and password. This ensures that every device gets a unique wireless session key that is used to encrypt the traffic and provide secured wireless access without intruding the privacy of others though the same username and password is shared to all devices
EAP-PEAP Public is specifically created to be used in High Capacity Guest mode to provide secure WiFi for guest users. In HCG mode we don’t allow normal PEAP method to be configured that can authenticate against any repository, as it can be used for enterprise class 802.1X.
The EAP-PEAP Public method can’t authenticate with any repository, it will only accept the configured public username/password.