Which EAP Method to Use?

Unanswered Question
Jan 11th, 2010


We are looking to implement 802.1x on our Wireless Network.  I need to support Windows XP and above, Apple Macs (maybe iPhones, etc) and some Linux.

I would have liked to have used PEAP with EAP-MSCHAPv2, however I am stuck with ACS 4.2 backended into LDAP (Oracle IDM) and this won't support MSCHAPv2.

We don't really want to spend anything on supplicants, so I'd like to know what method would be best for the spread of clients we have to support.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jatin Katyal Tue, 01/12/2010 - 06:30


I think you knew the answer, that is why you mentioned that you don't wana spend anything on the client side

Unfortunately, you will need to use EAP-GTC (Generic Token Card) method in order to work with LDAP integrated withradius server.

Cisco PEAP uses EAP-GTC although this only works in wireless environment and Microsoft PEAP uses EAP-MSCHAPv2.

Acs supports both the methods so only option here is to use GTC supplicant on the client side.

In order to enable EAP-GTC, you can use either one of them:


Cisco ACU utility




Plz rate helpful posts-


This Discussion