Probably this video from his Youtube channel.
Original Message:
Sent: Apr 05, 2024 10:19 AM
From: OumarCisse
Subject: EAP-TEAP
Thank You Guys for all your input.
@Herman Robers can you share me the documentation on how you implemented your EAP-TEAP with WPA3?
Original Message:
Sent: Apr 05, 2024 08:08 AM
From: bosborne
Subject: EAP-TEAP
Even better is moving to EAP-TLS with anonymous identity ;) That is what we are doing. CPPM needs dome coaxing though, because it uses the outer identity by default for authentication, etc.
------------------------------
Bruce Osborne ACCP ACMP
Liberty University
The views expressed here are my personal views and not those of my employer
Original Message:
Sent: Apr 04, 2024 09:23 AM
From: chulcher
Subject: EAP-TEAP
Note, enabling identity privacy (using an anonymous username) when using PEAP is also a good idea as one of the first steps for making PEAP as secure as can be.
------------------------------
Carson Hulcher, ACEX#110
Original Message:
Sent: Apr 04, 2024 09:16 AM
From: Herman Robers
Subject: EAP-TEAP
Yes, you can as it's only used to get the request in the correct service, where you can do TEAP (or whatever other authentication method). This is how it looks in my lab ClearPass server:
This service will either be selected with the anonymous identity set to anonymous or to teap. After that, I have computer and user authentication via TEAP. Then if you put your older (PEAP) service below this service, the PEAP request will 'faillthrough' and be handled through that service.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Apr 04, 2024 08:43 AM
From: OumarCisse
Subject: EAP-TEAP
If I filter with anonymous, would I still be able to hit the rule and get the user auth and the computer auth.
Original Message:
Sent: Apr 04, 2024 03:13 AM
From: Herman Robers
Subject: EAP-TEAP
As TEAP has a mandatory Anonymous identity these days in Windows 10/11, you can also filter on the anonymous user-name in your service (IETF:User-Name EQUALS anonymous), change anonymous to another name if you changed the anonymous identity.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Apr 03, 2024 10:57 AM
From: OumarCisse
Subject: EAP-TEAP
Hello Guys,
I want to have two SSID in my network and I am implementing EAP-TEAP which was successful so far. But currently using EAP-PEAP.
My plan is to rolled out users slowly until we have one SSID with EAP-TEAP and EAP-PEAP. Users will first hit TEAP first then if fails, hit the EAP_PEAP rule.
When I added the authentication outherMethod in my service, I get rejected. It does not even the rule anymore. Is there something I am doing wrong with the outerMethod.
I have also attached my logs in this thread.
Thank You in advance.