Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Access Tracker search for EAP-TLS traffic

  • 1.  Access Tracker search for EAP-TLS traffic

    Posted Sep 23, 2015 09:13 AM

    OK. Having just got eap-tls and eap-peap authenticating from 1 service, I've rolled out the config to our eduroam service on our production box and again I've got peap and tls working together from one service.

     

     

    However, we've got about 15K peap users on this ssid and currently 1 tls user. Under Live Monitoring/Access Tracker, how can I search for TLS auth types? I would have thought the filter attribute Auth-type would have done it, but when I select it, there's nothing in the field (cppm 6.5.2).

     

    On my dev server there's nothing but dev traffic so the logs don't get swamped.

     

    A



  • 2.  RE: Access Tracker search for EAP-TLS traffic

    EMPLOYEE
    Posted Sep 23, 2015 09:15 AM

    Unfortunately you can't filter access tracker by EAP method.

     

    You could however try to use a data filter, but you'd have to flip back and forth.

    EDIT: That data filter won't work



  • 3.  RE: Access Tracker search for EAP-TLS traffic

    Posted Sep 23, 2015 10:18 AM

    So I guess the options are to search for mac address of device or have an eap-tls only service and look at that ..... which I was trying to do before :-)))

     

     

    A



  • 4.  RE: Access Tracker search for EAP-TLS traffic
    Best Answer

    EMPLOYEE
    Posted Sep 23, 2015 10:23 AM

    If you need this functionality long-term, you could do a role map and use the TIPS role as a search filter.



  • 5.  RE: Access Tracker search for EAP-TLS traffic

    Posted Sep 23, 2015 10:35 AM

    Good idea, already generate a batch of roles based upon user/machine os, service used for our eap and macauth services, just haven't done it yet for TLS.

     

    I suspect that TLS is going to be one of those things that sneaks up on us and ends up being important. We've got Apple TVs, wireless VOIP phones, (possible) Android based information systems and airwatch managed mobile devices that need network connectivity with multi-user support.

     

    Given that clearpass lets you generate your own CA and also provides you with an OCSP service, it saves doing things from the CLI with a standalone OCSP server and openssl, so it's going to be easier to meet TLS requirements than it was before.

     

    A