As i know EAP/802.1x only supported on radius protocol not TACACS. is it correct?
PS. I heard from someone cisco can do dot1x with TACACS.
anyone can confirm?
To answer this question, it is important to separate EAP/802.1x and its authentication methods.
EAP has several authentication methods, where MSCHAPv2, TLS and GTC are the most widely used.
MSCHAPv2 uses a challenge response mechanism to validate the user password, TLS uses certificates to validate the user's password and GTC can use a variety of mechanisms to validate the user credentials.
TACACS should work with TLS and GTC, it will probably not work with MSCHAPv2 as the challenge response mechanism requires knowledge of the password at both server and client.
So you could respond that EAP/802.1x is supported with TACACS+, as long as you don't expect it to work woth all authentication methods. If you leave away the 'under conditions', it will work also in ClearPass.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.