Is there a way to have EAP-TEAP and EAP-TLS co-exist on the same service?
I have been testing EAP-TEAP on wireless and have it successfully working. Both methods are EAP-TLS. If I then enable EAP-TLS on the same service, clients that only use EAP-TLS do not connect and show the following alert "EAP: Client doesn't support configured EAP methods".
I have clients that don't support EAP-TEAP (i.e. iPads and MacBooks) and do not want to use a separate SSID. Furthermore, I'm also testing EAP-TEAP for wired authentication and would like the MacBooks to fall back to EAP-TLS.
Can you reply with some screenshots? It almost seams like maybe the client is trying EAP-PEAP instead of EAP-TLS?
Screenshots of the client SSID config and of the ClearPass service would be a big help.
Yes, should work. Here is the configuration the I have, it even has PEAP enabled in the same service/SSID in addition to TLS and TEAP.
Here is a client connecting with EAP-TLS on the SSID that I showed the service for:
That client is a Windows 10, not Win11; but that should not make a big difference. From the logs it looks like the client is attempting TEAP, not EAP-TLS, and it the client that decides which authentication method to use.
One other approach would be to split up the services into two.. you can do that by filtering on the anonymous username that you can set for TEAP:
But EAP-TLS and TEAP in one service should just work...
Couple of things to check:
© Copyright 2023 Hewlett Packard Enterprise Development LPAll Rights Reserved.