EAP-PEAP and EAP-TLS on same switched network

Aug 31st, 2010

Hello,


I'd like to enable both EAP-PEAP and EAP-TLS on the same network to support 802.1x authentication. The reasons are historical, i.e. 'older' devices use PEAP and newer devices use TLS. Over time all will be using TLS, but for now both will be there.


The AAA server is a Cisco ACS (4.2 or 5.1 - don't know yet).


I've not tested this or so, but I don't think this will be an issue... because from a switch point of view, it is just passing EAP traffic to the RADIUS server, and so the required services need to be made available on the RADIUS server... is that a correct assumption?


Thanks,

Guy

Jean Paul Enerst Tue, 08/31/2010 - 12:24

You are right Guy, the switch just acts as an intermediary device. It just passes EAPOL packets between the ACS server and the client, and waits until the ACS server authenticates the client (internal DB, or external DB = AD, LDAP). You just need to enable EAP-TLS, and MS-CHAP and MS-CHAPv2 for PEAP, in the ACS server. Lastly, make sure that your certificates on both sides are valid and signed by the CA.


Good Luck,


--Jean Paul
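
An added illustration of the pass-through behaviour discussed in this thread (not code from either poster or from Cisco): it parses an EAPOL frame, reads the EAP method type (13 = EAP-TLS, 25 = PEAP) for logging only, and wraps the unchanged EAP bytes in RADIUS EAP-Message attributes the way an 802.1X authenticator relays them. The function names and the two sample frames are constructed for this example.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_METHODS = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 25: "PEAP"}
RADIUS_EAP_MESSAGE = 79   # RADIUS attribute type that carries EAP (RFC 3579)
MAX_ATTR_VALUE = 253      # 255-byte attribute limit minus type and length bytes

def parse_eapol(frame: bytes):
    """Return the EAP packet inside an EAPOL frame body, or None if not EAP."""
    if len(frame) < 4:
        raise ValueError("truncated EAPOL header")
    _version, ptype, length = struct.unpack("!BBH", frame[:4])
    if len(frame) < 4 + length:
        raise ValueError("truncated EAPOL body")
    return frame[4:4 + length] if ptype == 0 else None  # 0 = EAP-Packet

def eap_method(eap: bytes):
    """Decode code and method for logging only; relaying does not need it."""
    if len(eap) < 4:
        raise ValueError("truncated EAP header")
    code, _ident, length = struct.unpack("!BBH", eap[:4])
    if length < 4 or length > len(eap):
        raise ValueError("bad EAP length")
    method = None
    if code in (1, 2) and length >= 5:
        method = EAP_METHODS.get(eap[4], f"type {eap[4]}")
    return EAP_CODES.get(code, f"code {code}"), method

def to_radius_attrs(eap: bytes):
    """Pass-through step: copy the EAP bytes unchanged into EAP-Message attributes."""
    return [bytes([RADIUS_EAP_MESSAGE, len(eap[i:i + MAX_ATTR_VALUE]) + 2])
            + eap[i:i + MAX_ATTR_VALUE]
            for i in range(0, len(eap), MAX_ATTR_VALUE)]

def build_sample(eap_type: int, ident: int, data: bytes) -> bytes:
    """Constructed EAPOL frame holding an EAP Response (sample data, not a capture)."""
    eap = struct.pack("!BBHB", 2, ident, 5 + len(data), eap_type) + data
    return struct.pack("!BBH", 1, 0, len(eap)) + eap

SAMPLE_TLS = build_sample(13, 7, b"\x00" + b"\xaa" * 300)   # newer device
SAMPLE_PEAP = build_sample(25, 9, b"\x00" + b"\xbb" * 40)   # older device

if __name__ == "__main__":
    for frame in (SAMPLE_TLS, SAMPLE_PEAP):
        eap = parse_eapol(frame)
        print(eap_method(eap), [len(a) for a in to_radius_attrs(eap)])
```

Both methods take the same relay path; only the type byte inside the EAP payload differs, and that byte is interpreted by the supplicant and the RADIUS server rather than by the relay step.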
