Wireless Access

Hi,

  I was in a conversation with my boss and we started arguing about what we should do for our new campus, EAP-TLS or EAP-PEAP. to be honest, I don't know which one is better and why from Aruba point of view? Any help would be highly appreciated. 

Please see the old (but still relevant) doc here:  https://community.arubanetworks.com/aruba/attachments/aruba/ForoenEspanol/295/1/WP_BUILDING%20GLOBAL%20SECURITY%20POLICIES%5B1%5D.pdf

PEAP uses legacy authentication protocols. EAP-TLS is always recommended.

Thanks for the reply, that was really helpful 

be sure to mark it as accepted if that was the correct answer for you.

Also if I'm not mistaken it's worth adding that EAP-PEAP also consists of an inner authentication method. When people refer to just PEAP they usually mean EAP-PEAP as the outer protocol and EAP-MSCHAPv2 as the inner. You could also do EAP-PEAP and tunnel EAP-TLS inside.

PEAP/EAP-TLS is only supported on Windows clients.

So EAP-TLS will not work on Android and IOS at all?

EAP-TLS is fully supported on both platforms.

PEAP/EAP-TLS is only supported on Windows.

Thanks for clarifying! Can an eap-tls connection be established if either of the certificates is untrusted/unaccepted?