We have Cisco ACS with 2 user groups.
LAN with eap-peap
WLAN with EAP-TLS.
The Supplicant on the PC's is Cisco Security services client.
We are using machine authentication on LAN, using EAP-PEAP and machine user/pass.
On the WLAN we will use EAP-TLS based on SmartCards.
We are seeing that when we are configuring "Allow EAP-MSCHAPv2" on the global auth page in the ACS, it is possible to authenticate with username and password on the WLAN. This is because the "Allow EAP-MSCHAPv2" is a global command.
Is it possible to force EAP-PEAP for the LAN group, and force EAP-TLS for the WLAN group?
Model: Cisco ACS 3.3.11
OS Revision: Cisco ACS 3.3.11