07-07-2016 03:44 AM - edited 03-10-2019 11:54 PM
Can anyone please explain the advantage (if any!) of using PEAP-EAP-TLS as opposed to just EAP-TLS for wired 802.1x deployments?
We are deploying wired 802.1x machine-based authentication and have a PKI infrastructure. I was under the impression that we just need to use EAP-TLS, since we have a working PKI deployment and all machines have a certificate.
The server guys seem to think we need to use PEAP with EAP-TLS, but can't really explain to me why. This just seems like extra work. Is there any advantage? I can understand using PEAP for things like MS-CHAP authentication, but since we are using EAP-TLS anyway this seems pointless.
Thanks
07-07-2016 04:46 AM
Hi
EAP-TLS is based on client certificate authentication, while PEAP-EAP-TLS is based on server-side certificate authentication.
With PEAP-EAP-TLS, the first phase will be the encrypted tunnel with server-side authentication, and then all sensitive user information is encrypted. With this method, no user certificate will be required. It's PEAP v1.
With EAP-TLS, you will need a user certificate to authenticate.
I attach an image that shows you the differences. Take a look at columns 2 and 4.
Thanks
PS: Please don't forget to rate and mark as correct answer if this solved your issue
04-26-2017 07:28 PM
This is incorrect. PEAP-EAP-TLS encrypts the EAP-TLS certificate transfer with a PEAP Tunnel. Certificates are still required on both the client and server. There is just added security of a TLS tunnel prior to certificate exchange. PEAP-EAP-MSCHAPv2 only requires a server side certificate while the rest of the authentication is performed as user/pass.
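Added example, not part of the original thread and not written by any poster: the comparison in the reply above, written as a wired 802.1X supplicant configuration. It assumes wpa_supplicant as the supplicant, which the thread does not mention; all identities and file paths are placeholders.

```conf
# Constructed wpa_supplicant.conf for a wired port (started with -D wired).
# Keep only ONE of the two network blocks in a real file.
ap_scan=0

# Option A: plain EAP-TLS.
# The client certificate is exchanged in the EAP-TLS handshake itself,
# with no PEAP tunnel around it.
network={
    key_mgmt=IEEE8021X
    eapol_flags=0
    eap=TLS
    identity="host/pc01.example.com"        # placeholder machine identity
    ca_cert="/etc/certs/radius-ca.pem"      # CA that signed the RADIUS server cert
    client_cert="/etc/certs/pc01.pem"       # client certificate is required
    private_key="/etc/certs/pc01.key"
}

# Option B: PEAP with EAP-TLS as the inner method.
# Phase 1 builds a TLS tunnel authenticated by the server certificate;
# the EAP-TLS exchange, including the client certificate, runs inside it.
network={
    key_mgmt=IEEE8021X
    eapol_flags=0
    eap=PEAP
    anonymous_identity="anonymous"          # outer identity, sent before the tunnel exists
    identity="host/pc01.example.com"        # real identity, sent inside the tunnel
    ca_cert="/etc/certs/radius-ca.pem"      # validates the server in phase 1
    phase2="auth=TLS"                       # inner method is EAP-TLS
    ca_cert2="/etc/certs/radius-ca.pem"     # validates the server in the inner handshake
    client_cert2="/etc/certs/pc01.pem"      # client certificate is still required
    private_key2="/etc/certs/pc01.key"
}
```

Both blocks carry a client certificate and private key; the only difference is whether that exchange is wrapped in the PEAP tunnel.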
04-26-2017 08:01 PM
Yes, you're right and I'm sorry. I'm wondering why I answered this way when the question was about PEAP-EAP-TLS.
Maybe I thought (I read too quickly) that the question was about EAP-TTLS, in which client authentication isn't required.
Thanks for having corrected the answer.
04-26-2017 08:18 PM
Not a problem!