Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
272
Views
0
Helpful
2
Replies

EAP-TLS Vs MSCHAPV2

alliasneo1
Level 1
Level 1

‎02-07-2025 04:16 AM

Hi all, I just wanted some advice.

When implementing ISE, what is thre recommended authentication method for clients? Is it EAP-TLS or MSCHAPv2?

0 Helpful
2 Replies 2

Rob Ingram
VIP
VIP

‎02-07-2025 04:29 AM - edited ‎02-07-2025 04:55 AM

@alliasneo1 EAP-TLS is the recommended authentication method nowadays. If you use EAP-TLS for machine and user authentication you can use TEAP to provide EAP Chaining and make authentication more secure.

PEAP/MSCHAPv2 does not work when credential guard is enabled on Windows 10/11 devices, thus Microsoft recommends EAP-TLS https://learn.microsoft.com/en-us/windows/security/identity-protection/credential-guard/considerations-known-issues

 

0 Helpful

Flavio Miranda
VIP
VIP

‎02-07-2025 04:31 AM

@alliasneo1 

They are complementary. You need both at the end of the day.

EAP-TLS buids the encrypted tunnel between the supplicant and the authenticator and t" (MS-CHAPv2) is a password-based authentication protocol that verifies a user's identity when connecting to a network"

0 Helpful
Customers Also Viewed These Support Documents