Intel SUpplicant, TLS and Outer Identity

Unanswered Question
Nov 30th, 2009
User Badges:

Dear All, Customer has installed Cisco UWN/ACS/Backend MS Directory and user WPA2 with TLS Machine Auth and CHAPv2 as inner Method. In the Intel Supplicant i have to administer the "Roaming Identity". We tried User Domain Accounts, anonymous and User Accounts with Wildcards in it. Sometimes these seems to issue Problems. Can anyone tell me what is a good Practice for the outer/ roaming Identity? Thx in adv, Michael

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Robert.N.Barrett_2 Mon, 11/30/2009 - 07:12
User Badges:
  • Bronze, 100 points or more

It really sort of depends on what you want others to be able to see.  The outer identity is sent in clear text over the air during the initial steps of EAP authentication.  In a world where you have a Microsoft or Cisco RADIUS server (IAS or ACS, respectively), and your client operating systems and wireless supplicants are up-to-date, you should be able to use "anonymous" without issues.  If you live in a MS Active Directory world, you definitely want to use either domain\userid, or "anonymous".


This Discussion



Trending Topics - Security & Network