Please note that the use of PEAP (more specific username/password via MSCHAPv2) is known insecure and should be avoided. Certificate authentication is the golden standard.
TEAP allows combining computer and user authentication, so it's the answer to your question as already mentioned.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Jul 04, 2024 02:56 AM
From: nipunmeewella
Subject: Simultaneous use of EAP-PEAP and EAP-TLS
Hi @jonas.hammarback,
Thank you for the reply.
Basically yes!, customer is asking something like MFA scenario authenticating the user via U/N & password meanwhile authenticate the machine via the device certificate.
Can't we implement a solution like first authenticate via certificates then ask U/N & password ?
Original Message:
Sent: Jul 04, 2024 02:51 AM
From: jonas.hammarback
Subject: Simultaneous use of EAP-PEAP and EAP-TLS
Hi
Short answer is No. If you are talking about performing both methods at the same time during 802.1x.
Can you describe more about the intention behind the request to do this and also what types of clients the users will utilize?
Is the intention to implement a type of multifactor authentication?
------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
Original Message:
Sent: Jul 04, 2024 02:41 AM
From: nipunmeewella
Subject: Simultaneous use of EAP-PEAP and EAP-TLS
Hi All,
I need to know whether the same client can be authenticated from both the methods EAP-PEAP and EAP-TLS simultaneously. As a brief, user need to log in to the same SSID using Username and Password as well as certificate authentication also need to be done via EAP-TLS.
Thank you