Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1094
Views
3
Helpful
5
Replies

EAP-PEAP Public with ISE

Go to solution
rmueller@cisco.com
Cisco Employee
Cisco Employee

‎05-29-2018 03:32 AM

Hi all,

my customer is asking if we support EAP-PEAP Public on ISE. Aruba is having such a thing to support easy secure connectivy for wirless guests.

Could not find anyhting within the documentation - but would like to double check with the community.

The only way to "rebuild" such a thing would be to have one user within the idendity database which has to be able to open 100s of sessions, right?

Roland

1 Accepted Solution

Accepted Solutions

Go to solution
Arne Bier
VIP
VIP
In response to Jason Kunst

‎05-29-2018 02:52 PM

EAP-PEAP Public is an Aruba marketing term (not an IETF standard) which implements regular EAP-PEAP, but the Clearpass server doesn't access an external identity source.  The creds MUST live in Clearpass.  So this is what they call High Capacity Guest mode.  It's EAP-PEAP on steroids.  But that's it.

So you could try building it yourself in ISE by specifying internal users as your Authentication Identity Source.

View solution in original post

5 Replies 5

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎05-29-2018 04:47 AM

Can you please explain further what you’re trying to accomplish?

We don’t support such feature but perhaps there is a another way?

0 Helpful

Go to solution
rmueller@cisco.com
Cisco Employee
Cisco Employee
In response to Jason Kunst

‎05-29-2018 06:32 AM

The customer want’s to have a quick and easy way for guests to connect to a secured guest network, not an open one.

Roland

Roland Mueller

CONSULTING SYSTEMS ENGINEER.SECURITY SALES

rmueller@cisco.com<mailto:rmueller@cisco.com>

Tel: +49 711 2391 1306

Cisco Systems, Inc.

City Plaza - 4th Floor Rotebuehlplatz 21-25

STUTTGART

70178

Germany

cisco.com

Think before you print.

This email may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message.

Please click here<http://www.cisco.com/web/about/doing_business/legal/cri/index.html> for Company Registration Information.

Preview file
1 KB
Preview file
93 KB
0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to rmueller@cisco.com

‎05-29-2018 06:39 AM

OK and why cant you provide the credentials from the guest network to them to connect to a secured peap network

Or you can use WPAPSK

Not sure what else can be done to make it easier than that

Go to solution
Arne Bier
VIP
VIP
In response to Jason Kunst

‎05-29-2018 02:52 PM

EAP-PEAP Public is an Aruba marketing term (not an IETF standard) which implements regular EAP-PEAP, but the Clearpass server doesn't access an external identity source.  The creds MUST live in Clearpass.  So this is what they call High Capacity Guest mode.  It's EAP-PEAP on steroids.  But that's it.

So you could try building it yourself in ISE by specifying internal users as your Authentication Identity Source.

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to Arne Bier

‎05-29-2018 03:05 PM

Nothing we can’t do today then with our guest system

Just under guest type check the box for bypass the portal so they aren’t required to login

0 Helpful
Customers Also Viewed These Support Documents