Valued Contributor I

Adding EAP-TLS support for a peap configured ssid


I've got a simple clearpass service that allows a client to authenticate using eap-peap against our AD system. Simple thing and it just works. I now want to also allow eap-tls authentication on the same ssid.


I can't just add the eap tls with ocsp authentication method to my working service so I need to create another service only for eap-tls.


On my dev server I've set up the following service configured with only the eap-tls method. A clearpass generated client cert then allows an android device to connect to SSID alexs-test. Looking at the summary, it says authentication method EAP-TLS


alexs-tesst service.png

Here is the successful auth.



Given that the Authentication method says it's EAP-TLS, I then added an extra line to this service selection criteria to try and only select eap-tls authentications.




tls service rule.png


but the service doesn't get selected. How can I only select this service for eap-tls requests?




Guru Elite

Re: Adding EAP-TLS support for a peap configured ssid

You need to use the same service as EAP-PEAP and add EAP-TLS to the authentication tab and service it from there.  

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
Valued Contributor I

Re: Adding EAP-TLS support for a peap configured ssid

Tried that initially and it failed, hence the question about having a second service. However, fixed it as my local copy of the eap-tls method had authorization required enabled which meant the clearpass was trying to query AD, which failed.


Here's the authorization section of my service

Authorization details.png

And this is the Auth method that works


So I've got 1 service which auths peap and tls, which is what I wanted in the first place!



