Security

Reply
Contributor II
Posts: 75
Registered: ‎05-06-2014

Can you simultaneously support different VIA users, on the same controller, using PEAP and EAP-TLS?

We currently have a group of users authenticating their VIA access using EAP-PEAP.  We want to move them to EAP-TLS, using x.509 certs they have already been issued.  Can we configure the controller and/or ClearPass to simultaneously either/or auth mechanisms?  Would we need a different interface (and matching URL) for each, or could it all be done using the same interface and URL?

Guru Elite
Posts: 8,792
Registered: ‎09-08-2010

Re: Can you simultaneously support different VIA users, on the same controller, using PEAP and EAP-T

Yes, you can. You just create a second set of profiles. One for each authentication method.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II
Posts: 75
Registered: ‎05-06-2014

Re: Can you simultaneously support different VIA users, on the same controller, using PEAP and EAP-T


cappalli wrote:
Yes, you can. You just create a second set of profiles. One for each authentication method.

Thanks Tim - presumably you just have to be careful to issue the right profile to the right user at the right time?

Guru Elite
Posts: 8,792
Registered: ‎09-08-2010

Re: Can you simultaneously support different VIA users, on the same controller, using PEAP and EAP-T

The user can either select the profile themselves (common) or you can return different user roles with different policies attached based on policy in ClearPass.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: