Security

Reply
Highlighted
New Contributor

EAP-TTLS/PAP authentication for network users

Hello,

 

We're setting up MFA-enabled RADIUS for wifi and ethernet network users. The server that we're using supports EAP-TTLS/PAP for this.

 

We are using Aruba IAP 305's and 2540-48G Poe switches.

Is there a way to enable or force EAP-TTLS/PAP auth on these devices?

 

So far I haven't found the option and the devices prefer other authentication types over what I wish to use.

 

Cheers!

New Contributor

Re: EAP-TTLS/PAP authentication for network users

The EAP method is only significant between the client (supplicant) and the RADIUS server.  The NADs like IAPs and switches do not care what EAP method is used.  

Guru Elite

Re: EAP-TTLS/PAP authentication for network users

MFA with 802.1X is not really feasible.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
New Contributor

Re: EAP-TTLS/PAP authentication for network users

Thanks both for the input. I had similar suspicions about this specific setup's feasibility.

 


@ryderrtr1 wrote:

So far I haven't found the option and the devices prefer other authentication types over what I wish to use.


I should clarify that by devices I meant my end user devices here and not the network appliances. The idea was to force the client devices to use a specific authentication method over another.

Guru Elite

Re: EAP-TTLS/PAP authentication for network users

The only realistic way to handle modern MFA for network users is a browser-based sandwich flow.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: