Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

EAP-TLS machine authentication

  • 1.  EAP-TLS machine authentication

    Posted Aug 27, 2018 11:32 AM

    Hi Guys,

     

    I am setting up an EAP-TLS lab with IAPs, ClearPass and some Windows machines.

    I wanted to know:

     

    - After ClearPass authenticates the machine with its certificate, what would be the TLS tunnel endpoints? In other words, if the authentication is between ClearPass and the Windows machines, will the tunnel be established between ClearPass and the machines or between the IAP and the machines?

     

    - In case both machine and user authentication are implemented, is the user traffic going to be encrypted using the user certificate or the machine certificate?

     

    - In case only the machine authentication is implemented, what traffic is going to be encrypted via the TLS tunnel?

     

    Thanks in advance for any clarification.

    Regards,



  • 2.  RE: EAP-TLS machine authentication

    EMPLOYEE
    Posted Aug 27, 2018 11:35 AM
    The TLS session is between the supplicant (client) and authentication server (ClearPass).

    The only relationship between the authentication session and encryption is key derivation for WPA2-Enterprise.
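
The key derivation mentioned in the reply above, as an added example that is not part of the original thread or any ClearPass or IAP code. It assumes a TLS 1.2 EAP-TLS session, the SHA-1 based 802.1X AKM with CCMP, and constructed sample secrets, randoms, MAC addresses and nonces; all function names are hypothetical.

```python
import hashlib
import hmac

def tls12_prf(secret, label, seed, length):
    """TLS 1.2 PRF (RFC 5246 section 5): P_SHA256(secret, label + seed)."""
    seed = label + seed
    a, out = seed, b""
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def eap_tls_msk(master_secret, client_random, server_random):
    """RFC 5216: export 128 octets; the MSK is the first 64 (the EMSK is the rest)."""
    return tls12_prf(master_secret, b"client EAP encryption",
                     client_random + server_random, 128)[:64]

def dot11_prf(key, label, data, length):
    """IEEE 802.11 PRF: HMAC-SHA1(key, label || 0x00 || data || counter)."""
    blocks = (length + 19) // 20
    out = b"".join(hmac.new(key, label + b"\x00" + data + bytes([i]),
                            hashlib.sha1).digest() for i in range(blocks))
    return out[:length]

def derive_ptk(pmk, aa, spa, anonce, snonce):
    """4-way handshake key for CCMP: 48 octets split into KCK, KEK and TK."""
    data = (min(aa, spa) + max(aa, spa) +
            min(anonce, snonce) + max(anonce, snonce))
    ptk = dot11_prf(pmk, b"Pairwise key expansion", data, 48)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:]}

def demo():
    # Constructed sample values, not taken from a real session.
    master_secret = bytes(range(48))                 # TLS master secret
    client_random, server_random = b"\x01" * 32, b"\x02" * 32
    # Supplicant and ClearPass each compute the MSK from their shared TLS state.
    msk = eap_tls_msk(master_secret, client_random, server_random)
    pmk = msk[:32]                                   # PMK = first 32 octets of MSK
    # The RADIUS server hands the key to the AP; AP and client then run the
    # 4-way handshake with their MAC addresses and fresh nonces.
    aa, spa = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    return derive_ptk(pmk, aa, spa, b"\xaa" * 32, b"\xbb" * 32)

if __name__ == "__main__":
    for name, key in demo().items():
        print(name, key.hex())
```

The TK is what protects data frames between the client and the AP; no certificate key and no TLS record layer is involved in that encryption.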