https://community.cisco.com/t5/network-access-control/802-1x-eap-tls-vs-peap-eap-tls/m-p/2901250#M39163 <P>Not a problem!&nbsp;</P> Thu, 27 Apr 2017 03:18:05 GMT alburger 2017-04-27T03:18:05Z https://community.cisco.com/t5/network-access-control/802-1x-eap-tls-vs-peap-eap-tls/m-p/2901246#M39158 <DIV class="usertext-body may-blank-within md-container "> <DIV class="md"> <P>Can anyone please explain the advantage (if any!) of using PEAP-EAP-TLS as opposed to just EAP-TLS for wired 802.1x deployments.</P> <P>We are deploying wired 802.1x machine based authentication and have a PKI infrastructure, I was under the impression that we just need to use EAP-TLS since we have a working PKI deployment and all machines have a certificate.</P> <P>The server guys seem to think we need to use PEAP with EAP-TLS, but cant really explain to me why, this just seems like extra work, is there any advantage ? I can understand using PEAP for things like MS-CHAP authentication, but since we are using EAP-TLS anyway this seems pointless.</P> <P>Thanks</P> </DIV> </DIV> Mon, 11 Mar 2019 06:54:56 GMT https://community.cisco.com/t5/network-access-control/802-1x-eap-tls-vs-peap-eap-tls/m-p/2901246#M39158 craig.cartlidge1 2019-03-11T06:54:56Z https://community.cisco.com/t5/network-access-control/802-1x-eap-tls-vs-peap-eap-tls/m-p/2901247#M39160 <P>Hi</P> <P></P> <P>Eap-tls is based on client certificate authentication while peap-eap-tls is based on server side certificate authentication.&nbsp;</P> <P>With peap-eap-tls, the 1st phase will be the encrypted tunnel with server side authentication and then all user sensitive information are encrypted. With&nbsp;this method, no user certificate will be required. It's peap v1.</P> <P>With eap-tls, you will need a user certificate to authenticate.&nbsp;</P> <P>I attach an image that show you differences. Take &nbsp;a look at column 2 and 4.</P> <P>Thanks&nbsp;</P> <P>PS: Please don't forget to rate and mark as correct answer if this solved your issue&nbsp;</P> <P></P> <P></P> Thu, 07 Jul 2016 11:46:53 GMT https://community.cisco.com/t5/network-access-control/802-1x-eap-tls-vs-peap-eap-tls/m-p/2901247#M39160 Francesco Molino 2016-07-07T11:46:53Z https://community.cisco.com/t5/network-access-control/802-1x-eap-tls-vs-peap-eap-tls/m-p/2901248#M39161 <P>This is incorrect. PEAP-EAP-TLS encrypts the EAP-TLS certificate transfer with a PEAP Tunnel. Certificates are still required on both the client and server. There is just added security of a TLS tunnel prior to certificate exchange. PEAP-EAP-MSCHAPv2 only requires a server side certificate while the rest of the authentication is performed as user/pass.&nbsp;</P> Thu, 27 Apr 2017 02:28:35 GMT https://community.cisco.com/t5/network-access-control/802-1x-eap-tls-vs-peap-eap-tls/m-p/2901248#M39161 alburger 2017-04-27T02:28:35Z https://community.cisco.com/t5/network-access-control/802-1x-eap-tls-vs-peap-eap-tls/m-p/2901249#M39162 <P>Yes your right and I'm sorry. I'm thinking why i answered this when the question was peap-eap-tls.&nbsp;</P> <P></P> <P>Maybe i thought (I red to quickly) it was asked eap-ttls on which client authentication isn't required.&nbsp;</P> <P></P> <P>Thanks for having corrected the answer.&nbsp;</P> Thu, 27 Apr 2017 03:01:55 GMT https://community.cisco.com/t5/network-access-control/802-1x-eap-tls-vs-peap-eap-tls/m-p/2901249#M39162 Francesco Molino 2017-04-27T03:01:55Z https://community.cisco.com/t5/network-access-control/802-1x-eap-tls-vs-peap-eap-tls/m-p/2901250#M39163 <P>Not a problem!&nbsp;</P> Thu, 27 Apr 2017 03:18:05 GMT https://community.cisco.com/t5/network-access-control/802-1x-eap-tls-vs-peap-eap-tls/m-p/2901250#M39163 alburger 2017-04-27T03:18:05Z