Occasional Contributor I
Posts: 7
Registered: ‎09-12-2013

ClearPass Service with two different authentication methods for two operating systems.

Hello,

I have an environment with Windows 7, 10, Vista and XP.

My service has EAP-TLS as authentication mode, but my XP systems are not connecting to that service.

I would like to know if I can insert MS-CHAP V2 in the service as an authentication mode and force the XP systems to use this method in roles?

Guru Elite
Posts: 8,169
Registered: ‎09-08-2010

Re: ClearPass Service with two different authentication methods for two operating systems.

Short answer: yes, you can support multiple EAP methods on the same SSID.



Question: Is the Windows XP client configured for EAP-TLS?

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Super Contributor II
Posts: 383
Registered: ‎09-05-2012

Re: ClearPass Service with two different authentication methods for two operating systems.

  • Edit your service and go to the Authentication tab.
  • Under the "Authentication Methods" section click the "-- Select to Add--" dropdown box
  • Add whatever other methods you need.

Occasional Contributor I
Posts: 7
Registered: ‎09-12-2013

Re: ClearPass Service with two different authentication methods for two operating systems.

Hi my friend,

I don't want to use TLS for XP devices. I want to configure them for MSCHAP-V2, but if I put EAP-MSCHAP-V2 in the authentication methods, other devices will be able to connect too.

I need a way so that only XP can connect by EAP-MSCHAP-V2.

Super Contributor II
Posts: 383
Registered: ‎09-05-2012

Re: ClearPass Service with two different authentication methods for two operating systems.

Not necessarily; it depends on how you configure your clients and how you configure your service.

If you configure your other devices to use EAP-TLS, then they will only use EAP-TLS and not EAP-MSCHAPv2.

If you want to be really strict though, you could figure out a way of identifying what OS the device is using (probably through the Endpoints database) and then use a role mapping and enforcement to block the device if it is not using the EAP method you want.

So for instance, if you have a Windows 10 device and it tries connecting using EAP-MSCHAPv2, then it will be denied. You would then need to identify why the device is using EAP-MSCHAPv2 vs EAP-TLS.

On a side note, the authentication methods defined in the service do not dictate what method your client uses; they only indicate what authentication methods the service will process or handle.
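
The strict option described in the reply above, modelled in Python as an added example that is not part of the original thread and is not ClearPass configuration. The role names, the fallback for unprofiled endpoints and the sample records are assumptions made for illustration; the function also lists denied devices so the mismatch can be investigated.

```python
from collections import defaultdict

# Expected EAP method per profiled OS family, taken from the thread:
# XP uses EAP-MSCHAPv2, the other Windows versions use EAP-TLS.
EXPECTED_METHOD = {
    "Windows XP": "EAP-MSCHAPv2",
    "Windows Vista": "EAP-TLS",
    "Windows 7": "EAP-TLS",
    "Windows 10": "EAP-TLS",
}
# Assumption: an endpoint with no known OS profile must use EAP-TLS.
FALLBACK_METHOD = "EAP-TLS"

def decide(os_family, eap_method):
    """Role mapping plus enforcement for one request: returns (role, action)."""
    expected = EXPECTED_METHOD.get(os_family, FALLBACK_METHOD)
    if eap_method != expected:
        return "method-mismatch", "deny"
    # Hypothetical role names, not ClearPass identifiers.
    role = "xp-legacy" if os_family == "Windows XP" else "tls-client"
    return role, "allow"

# Constructed sample records: (MAC, profiled OS family or None, EAP method).
SAMPLE_AUTHS = [
    ("00:00:5e:00:53:01", "Windows 10", "EAP-TLS"),
    ("00:00:5e:00:53:02", "Windows XP", "EAP-MSCHAPv2"),
    ("00:00:5e:00:53:03", "Windows 10", "EAP-MSCHAPv2"),
    ("00:00:5e:00:53:04", None, "EAP-MSCHAPv2"),
    ("00:00:5e:00:53:03", "Windows 10", "EAP-MSCHAPv2"),
    ("00:00:5e:00:53:05", "Windows 7", "EAP-TLS"),
]

def mismatch_report(auths):
    """Group denied requests by MAC so each device can be followed up."""
    report = defaultdict(lambda: {"os_family": None, "methods": set(), "count": 0})
    for mac, os_family, method in auths:
        _role, action = decide(os_family, method)
        if action == "deny":
            entry = report[mac]
            entry["os_family"] = os_family
            entry["methods"].add(method)
            entry["count"] += 1
    return dict(report)

if __name__ == "__main__":
    for mac, info in mismatch_report(SAMPLE_AUTHS).items():
        print(mac, info)
```

The decision is only as reliable as the OS profile behind it, so an endpoint that is unprofiled or profiled incorrectly is held to the EAP-TLS default here rather than being allowed the weaker method.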

Occasional Contributor I
Posts: 7
Registered: ‎09-12-2013

Re: ClearPass Service with two different authentication methods for two operating systems.

Hi,

I think that is the way.

I will try to configure it and will report here.
