Security

Reply
Highlighted
New Contributor

EAP-TTLS/PAP authentication for network users

Hello,

 

We're setting up MFA-enabled RADIUS for wifi and ethernet network users. The server that we're using supports EAP-TTLS/PAP for this.

 

We are using Aruba IAP 305's and 2540-48G Poe switches.

Is there a way to enable or force EAP-TTLS/PAP auth on these devices?

 

So far I haven't found the option and the devices prefer other authentication types over what I wish to use.

 

Cheers!


Accepted Solutions
Highlighted
Moderator

Re: EAP-TTLS/PAP authentication for network users

MFA with 802.1X is not really feasible.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post


All Replies
Highlighted
New Contributor

Re: EAP-TTLS/PAP authentication for network users

The EAP method is only significant between the client (supplicant) and the RADIUS server.  The NADs like IAPs and switches do not care what EAP method is used.  

Highlighted
Moderator

Re: EAP-TTLS/PAP authentication for network users

MFA with 802.1X is not really feasible.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post

Highlighted
New Contributor

Re: EAP-TTLS/PAP authentication for network users

Thanks both for the input. I had similar suspicions about this specific setup's feasibility.

 


@ryderrtr1 wrote:

So far I haven't found the option and the devices prefer other authentication types over what I wish to use.


I should clarify that by devices I meant my end user devices here and not the network appliances. The idea was to force the client devices to use a specific authentication method over another.

Highlighted
Moderator

Re: EAP-TTLS/PAP authentication for network users

The only realistic way to handle modern MFA for network users is a browser-based sandwich flow.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: