Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
641
Views
0
Helpful
1
Replies

EAP-PEAP and EAP-TLS on same switched network

g.raymakers
Level 1
Level 1

ā€Ž08-31-2010 08:03 AM - edited ā€Ž03-10-2019 05:22 PM

Hello,

I'd like to enable both EAP-PEAP and EAP-TLS on the same network to support 802.1x authentication. The reasons are because of historical things i.e. 'older' devices use PEAP and newer devices  use TLS. Over time all will be using TLS, but for now both will the there.

The AAA server is a Cisco ASC (4.2 or 5.1 - don't know yet)

I've not tested this or so, but I don't think this will be an issue....because from a switch point of view, it is just passing EAP traffic to teh Radius and so the required services need to be made available on the Radius server...is that a correct assumption?

Thanks,

Guy

Labels:
0 Helpful
1 Reply 1

Jean Paul Enerst
Level 3
Level 3

ā€Ž08-31-2010 12:24 PM

You are right Guy, the switch just as act as an termediary device. It just passes EAPOL packet between the ACS server and client, and waits till the ACS server authenticate the client(internal DB, or external DB= AD, LDAP). You just need to enable EAP/TLS, MS-CHAP and MS-CHAPv2 for PEAP in the ACS server. Last make sure that your certificates at both side are valid and sign by the CA.

Good Luck,

--Jean Paul

0 Helpful
Customers Also Viewed These Support Documents