Security

Reply
Contributor II

Can you simultaneously support different VIA users, on the same controller, using PEAP and EAP-TLS?

We currently have a group of users authenticating their VIA access using EAP-PEAP.  We want to move them to EAP-TLS, using x.509 certs they have already been issued.  Can we configure the controller and/or ClearPass to simultaneously either/or auth mechanisms?  Would we need a different interface (and matching URL) for each, or could it all be done using the same interface and URL?

Guru Elite

Re: Can you simultaneously support different VIA users, on the same controller, using PEAP and EAP-T

Yes, you can. You just create a second set of profiles. One for each authentication method.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor II

Re: Can you simultaneously support different VIA users, on the same controller, using PEAP and EAP-T


cappalli wrote:
Yes, you can. You just create a second set of profiles. One for each authentication method.

Thanks Tim - presumably you just have to be careful to issue the right profile to the right user at the right time?

Guru Elite

Re: Can you simultaneously support different VIA users, on the same controller, using PEAP and EAP-T

The user can either select the profile themselves (common) or you can return different user roles with different policies attached based on policy in ClearPass.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: