cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1386
Views
3
Helpful
5
Replies

EAP-PEAP Public with ISE

rmueller@cisco.com
Cisco Employee
Cisco Employee

Hi all,

my customer is asking if we support EAP-PEAP Public on ISE. Aruba is having such a thing to support easy secure connectivy for wirless guests.

Could not find anyhting within the documentation - but would like to double check with the community.

The only way to "rebuild" such a thing would be to have one user within the idendity database which has to be able to open 100s of sessions, right?

Roland

1 Accepted Solution

Accepted Solutions

EAP-PEAP Public is an Aruba marketing term (not an IETF standard) which implements regular EAP-PEAP, but the Clearpass server doesn't access an external identity source.  The creds MUST live in Clearpass.  So this is what they call High Capacity Guest mode.  It's EAP-PEAP on steroids.  But that's it.

So you could try building it yourself in ISE by specifying internal users as your Authentication Identity Source.

View solution in original post

5 Replies 5

Jason Kunst
Cisco Employee
Cisco Employee

Can you please explain further what you’re trying to accomplish?

We don’t support such feature but perhaps there is a another way?

The customer want’s to have a quick and easy way for guests to connect to a secured guest network, not an open one.

Roland

Roland Mueller

CONSULTING SYSTEMS ENGINEER.SECURITY SALES

rmueller@cisco.com<mailto:rmueller@cisco.com>

Tel: +49 711 2391 1306

Cisco Systems, Inc.

City Plaza - 4th Floor Rotebuehlplatz 21-25

STUTTGART

70178

Germany

cisco.com

Think before you print.

This email may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message.

Please click here<http://www.cisco.com/web/about/doing_business/legal/cri/index.html> for Company Registration Information.

OK and why cant you provide the credentials from the guest network to them to connect to a secured peap network

Or you can use WPAPSK

Not sure what else can be done to make it easier than that

EAP-PEAP Public is an Aruba marketing term (not an IETF standard) which implements regular EAP-PEAP, but the Clearpass server doesn't access an external identity source.  The creds MUST live in Clearpass.  So this is what they call High Capacity Guest mode.  It's EAP-PEAP on steroids.  But that's it.

So you could try building it yourself in ISE by specifying internal users as your Authentication Identity Source.

Nothing we can’t do today then with our guest system

Just under guest type check the box for bypass the portal so they aren’t required to login