Security

last person joined: 20 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Can you simultaneously support different VIA users, on the same controller, using PEAP and EAP-TLS?

This thread has been viewed 0 times

  • 1.  Can you simultaneously support different VIA users, on the same controller, using PEAP and EAP-TLS?

    Posted Aug 31, 2016 10:50 AM

    We currently have a group of users authenticating their VIA access using EAP-PEAP.  We want to move them to EAP-TLS, using x.509 certs they have already been issued.  Can we configure the controller and/or ClearPass to simultaneously either/or auth mechanisms?  Would we need a different interface (and matching URL) for each, or could it all be done using the same interface and URL?



  • 2.  RE: Can you simultaneously support different VIA users, on the same controller, using PEAP and EAP-TLS?

    EMPLOYEE
    Posted Aug 31, 2016 10:58 AM
    Yes, you can. You just create a second set of profiles. One for each authentication method.


  • 3.  RE: Can you simultaneously support different VIA users, on the same controller, using PEAP and EAP-TLS?

    Posted Aug 31, 2016 11:05 AM
    @cappalli wrote:
    Yes, you can. You just create a second set of profiles. One for each authentication method.

    Thanks Tim - presumably you just have to be careful to issue the right profile to the right user at the right time?



  • 4.  RE: Can you simultaneously support different VIA users, on the same controller, using PEAP and EAP-TLS?

    EMPLOYEE
    Posted Aug 31, 2016 11:07 AM
    The user can either select the profile themselves (common) or you can return different user roles with different policies attached based on policy in ClearPass.