05-01-2017 08:51 AM
I'm curious why the Clearpass user guide suggests using PEAP-MSCHAPv2 for Windows devices instead of TLS?
I was under the impression that EAP-TLS was more secure (but I realize that's based more on "folklore" than fact).
Also, if we provision the devcie with PEAP-MSCHAPv2, are we still using an Onboard certificate on the device?
Solved! Go to Solution.
05-01-2017 09:25 AM
From this link, EAP-TLS is suggested for iOS, and PEAP-MSCHAPv2 for others.
The following best practices are recommended when choosing the 802.1X authentication methods to provision:
|*||Configure PEAP with MS-CHAPv2 for Onboard devices – Android, Windows, and legacy OS X (10.5/10.6).|
|*||Configure EAP-TLS for iOS devices and OS X (10.7 or later).|
05-01-2017 09:56 AM
Great, glad I could help.
You might want to edit that entire chanpter as this message appears in a few other places. This link, for example, shows a workflow of switching to MSCHAP-v2. :
I would certainly prefer to use EAP-TLS, but now I'm curious: if you were to provision a device with PEAP-MSCHAPv2, would it still consume an Onboard license?