Contributor II

EAP-TLS Service Rule

I'm trying to create two service rules for the same SSID: one for EAP-TLS and one for EAP-PEAP (or anything other than EAP-TLS). For the EAP-TLS service, I have this service rule:

 

Type: Authentication

Name: OuterMethod

Operator: EQUALS

Value: EAP-TLS

 

I cannot get clients to hit this service with this rule. Trying to find out if the type should be different or if I'm messing something up in my logic. I have the same service rule for EAP-PEAP, but with a "NOTEQUALS" for the operator. 

 

Any ideas?

Guru Elite

Re: EAP-TLS Service Rule

EAP method is negotiated after service categorization and thus cannot be used to categorize a service.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
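
Added example (not part of the original thread and not ClearPass code): a small Python model of why the answer above holds. The first request of an 802.1X session carries only an EAP-Response/Identity, so the outer method is not visible when the service is chosen, but it is known by the time enforcement runs. The function names and the session bytes are constructed for illustration.

```python
import struct

# EAP type numbers from RFC 3748 and the IANA EAP registry
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 25: "EAP-PEAP"}
RESPONSE = 2  # EAP code for client-to-server packets

def eap(code, ident, eap_type, data=b""):
    """Build a constructed EAP packet: Code, Identifier, Length, Type, Data."""
    return struct.pack("!BBHB", code, ident, 5 + len(data), eap_type) + data

def parse_eap(packet):
    """Return (code, type_name, data) for an EAP Request/Response."""
    if len(packet) < 5:
        raise ValueError("truncated EAP packet")
    code, _ident, length, eap_type = struct.unpack("!BBHB", packet[:5])
    if not 5 <= length <= len(packet):
        raise ValueError("EAP length field does not match packet")
    return code, EAP_TYPES.get(eap_type, f"type-{eap_type}"), packet[5:length]

def outer_method(packet):
    """Outer method carried in a client Response, or None if not yet chosen."""
    code, name, _ = parse_eap(packet)
    if code != RESPONSE or name in ("Identity", "Nak"):
        return None
    return name

def walk(responses):
    """Model: the service is picked on the first request; enforcement runs at the end."""
    at_categorization = outer_method(responses[0])
    at_enforcement = None
    for pkt in responses:
        at_enforcement = outer_method(pkt) or at_enforcement
    return at_categorization, at_enforcement

# Constructed client side of one session: identity, a Nak of the server's first
# offer (asking for type 13), then an EAP-TLS response (flags byte only, no TLS data).
SESSION = [
    eap(RESPONSE, 1, 1, b"alice@example.com"),
    eap(RESPONSE, 2, 3, bytes([13])),
    eap(RESPONSE, 3, 13, b"\x00"),
]

if __name__ == "__main__":
    print(walk(SESSION))  # (None, 'EAP-TLS')
```
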
Contributor II

Re: EAP-TLS Service Rule

Ah man! That stinks....but good to know. I guess I have to come up with better logic to get EAP-TLS and EAP-PEAP on one SSID. 


Thanks Tim! That helps me save time trying to figure this out.

Guru Elite

Re: EAP-TLS Service Rule

You can use OuterMethod in your enforcement policy. This is a pretty standard practice.

Contributor II

Re: EAP-TLS Service Rule

Thanks Tim,

 

To make sure I understand, instead of splitting the Services up, keep one service but split the roles based on the enforcement policy?

Contributor II

Re: EAP-TLS Service Rule

Think I got this down...thanks to you Tim.


* Created one service

* Used all types of authentications I will use on this SSID

* Split the different roles/traffic via the enforcement policies, which are based on the OuterMethod

 

You rock man! Thanks again!

Guru Elite

Re: EAP-TLS Service Rule

Awesome, glad you got it working!
