I've read an article by George Ou and he mentions that a main difference between PEAP-TLS and EAP-TLS is that the client certificate in PEAP-TLS is partially encrypted and in EAP-TLS it is not. Does this simply mean that the certificate in PEAP-TLS cannot be exported where EAP-TLS can? Can anyone shed more information on the differences between these two EAP methods? I know PEAP-TLS is only supported by Microsoft.
I just found the doc I think you've read on the web. It's pretty good.
What he's talking about is that when you initially authenticate, PEAP-EAP-TLS establishes a TLS tunnel before sending any authentication credentials. Straight EAP-TLS does its first phase in the clear, so certain information is visible. It's not really anything to do with whether a certificate is exportable or not on the client device (which is what I think you mean). I think I've got that right, but I'm going from memory.
Differences? Basically the most secure method is PEAP-EAP-TLS (PEAP-GTC is good too). EAP-TLS is almost as good, and PEAP-MSCHAPv2 is weaker. PEAP is Microsoft's implementation that encapsulates other EAP types. Other vendors do sometimes write PEAP functions into their software, so it's not only supported by Microsoft, but you need to check on a device by device basis as they don't always support all functions. e.g. Cisco adapters support PEAP-MSCHAPv2 and PEAP-GTC, and EAP-TLS directly in the ADU utility. But they only support raw EAP-TLS as far as I know (unless anybody knows different?). i.e. they don't support PEAP-EAP-TLS. You need to use XP Zero instead.
It really sounds like he's talking about the certificate that exists locally. I was hoping to find out how encrypting them locally would affect exportation of these certificates. If I'm wrong, wouldn't the TLS tunnel built using the server's certificate just be hiding the user ID (or machine ID)? Is that the only benefit?
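As an added illustration (not code from any poster in this thread), the Python sketch below parses the outer EAP packets of an exchange and reports what stays readable outside any TLS tunnel: the EAP-Response/Identity string and the outer method type (13 for EAP-TLS, 25 for PEAP). The sample packets are constructed, the user names are made up, and the anonymous outer identity in the PEAP sample is an assumed client setting.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "EAP-TLS", 25: "PEAP"}  # IANA EAP method types

def build(code, ident, etype, data=b""):
    """Build a constructed EAP packet: code, id, length, type, type-data."""
    return struct.pack("!BBHB", code, ident, 5 + len(data), etype) + data

def parse_eap(pkt):
    """Parse one EAP packet (RFC 3748 header) and return its cleartext fields."""
    if len(pkt) < 4:
        raise ValueError("short EAP packet")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("bad EAP length field")
    out = {"code": EAP_CODES.get(code, code), "id": ident}
    if code in (1, 2) and length >= 5:
        etype, data = pkt[4], pkt[5:length]
        out["type"] = EAP_TYPES.get(etype, etype)
        if etype == 1 and code == 2:
            # Identity is sent before any tunnel exists, so it is always readable.
            out["identity"] = data.decode("utf-8", "replace")
        elif etype in (13, 25) and data:
            # First type-data byte holds the flags; 0x20 is the Start bit (RFC 5216).
            out["tls_start"] = bool(data[0] & 0x20)
    return out

def outer_view(packets):
    """Summarise what a passive observer learns from the outer exchange."""
    seen = {"identity": None, "outer_method": None}
    for pkt in packets:
        info = parse_eap(pkt)
        if "identity" in info:
            seen["identity"] = info["identity"]
        if info.get("type") in ("EAP-TLS", "PEAP"):
            seen["outer_method"] = info["type"]
    return seen

# Constructed samples: Identity response followed by the server's Start request.
EAP_TLS_SAMPLE = [build(2, 1, 1, b"alice@example.com"), build(1, 2, 13, b"\x20")]
PEAP_SAMPLE = [build(2, 1, 1, b"anonymous@example.com"), build(1, 2, 25, b"\x20")]

if __name__ == "__main__":
    print(outer_view(EAP_TLS_SAMPLE))
    print(outer_view(PEAP_SAMPLE))
```
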