Frequent Contributor I

Understanding 802.1x

We now have an 802.1x wireless SSID. I am looking for a source that can tell me in detail how this authentication occurs. We are using the following:


Termination EAP-Type: eap-peap

Termination Inner EAP-Type: eap-mschapv2

We are terminating on the controller

Use Windows RADIUS and an Active Directory server

We have 2 RADIUS servers and we had to terminate on the controller to get the fail-through to work on AOS


I don't understand what "inner EAP" is and can't find a resource to explain it. I would love to have a detailed list of steps that take place for the type of authentication.


Thanks for your help,

Re: Understanding 802.1x


PEAPv0 and PEAPv1 both refer to the outer authentication method and are the mechanisms that create the secure TLS tunnel to protect subsequent authentication transactions. EAP-MSCHAPv2, EAP-GTC, and EAP-SIM refer to the inner authentication methods which provide user or device authentication.


Using EAP-MSCHAPv2 as an inner type means that you don't require a client certificate but need a server certificate, and the clients need a password instead.


The PEAP (outer) creates a TLS tunnel to secure this transaction over the network.

Thank you

Victor Fabian
Lead Mobility Architect @WEI
Frequent Contributor I

Re: Understanding 802.1x

Very helpful!!! Thank you.

Guru Elite

Re: Understanding 802.1x

With PEAP-MSCHAPv2, it is important to always configure the client to validate the server certificate. Many people turn this off for troubleshooting and then don't turn it back on. Also, many people think it eases the client configuration piece but in reality you are bypassing the server authentication part of the PEAP process which is important for securing client credentials.

Tim Cappalli | Aruba Security | @timcappalli

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.