last person joined: 11 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

tacase supported EAP/802.1x?

This thread has been viewed 0 times
  • 1.  tacase supported EAP/802.1x?

    Posted Jun 03, 2013 10:20 AM

    Hi Experts,


    As i know EAP/802.1x only supported on radius protocol not TACACS. is it correct?



    PS. I heard from someone cisco can do dot1x with TACACS.

    anyone can confirm?






  • 2.  RE: tacase supported EAP/802.1x?

    Posted Jun 13, 2013 03:02 AM



    To answer this question, it is important to separate EAP/802.1x and its authentication methods.


    EAP has several authentication methods, where MSCHAPv2, TLS and GTC are the most widely used.


    MSCHAPv2 uses a challenge response mechanism to validate the user password, TLS uses certificates to validate the user's password and GTC can use a variety of mechanisms to validate the user credentials.


    TACACS should work with TLS and GTC, it will probably not work with MSCHAPv2 as the challenge response mechanism requires knowledge of the password at both server and client.


    So you could respond that EAP/802.1x is supported with TACACS+, as long as you don't expect it to work woth all authentication methods. If you leave away the 'under conditions', it will work also in ClearPass.