Security

Reply
New Contributor

PEAP MS-CHAPv2: can supplicant certificate use be detected/forced?

Hi, when using a PEAP/MS-CHAPv2 arrangement, is it possible to verify whether a supplicant is connecting with/without checking certificate validity, please? It'd be useful to be able to identify which users are at risk of having the credentials poached by fake APs etc. Thank you

Guru Elite

Re: PEAP MS-CHAPv2: can supplicant certificate use be detected/forced?

It is not possible. 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Guru Elite

Re: PEAP MS-CHAPv2: can supplicant certificate use be detected/forced?

No. That's why you don't use PEAP.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
New Contributor

Re: PEAP MS-CHAPv2: can supplicant certificate use be detected/forced?

Thanks both.

New Contributor

Re: PEAP MS-CHAPv2: can supplicant certificate use be detected/forced?

Thanks Tim. is there a better option than PEAP that works across Mac/PC/Linux/iOS/Android etc, please?

MVP Guru

Re: PEAP MS-CHAPv2: can supplicant certificate use be detected/forced?

EAP-TLS authentication method can be used but managing this is little difficult as both supplicant and authenticaiton server need certifictes to trust each other.

Regards,
Pavan
If my post address your queries, give kudos and accept as solution!
NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Highlighted
New Contributor

Re: PEAP MS-CHAPv2: can supplicant certificate use be detected/forced?

Thank you - understood - much appreciated!

Guru Elite

Re: PEAP MS-CHAPv2: can supplicant certificate use be detected/forced?

EAP-TLS is the only recommended EAP method.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: