When configuring IOS or Android network access will EAP-TLS ever be available as a selection? When configuring IOS for PEAP what is commonly used as the outer identity? Are trusted servers names referring to the CA server? Where does the client connect to obtain the settings?
Answer:
EAP-TLS option for IOS will be available in ClearPass OnBoard product (scheduled to be released in April).
While configuring IOS for PEAP, outer identity can be left blank. In this case the actual user identity is sent
as outer identity. Other option is to configure anonymous as outer identity. In this case actual user
identity is sent in the PEAP tunnel.
In the Trusted Server Names field, the host name of RADIUS server should be configured. The value
Configured in this field should be same as the Subject CN in the certificate of RADIUS server.