Does EAP-TTLS support mandatory client side certificates?

eveares
Level 1

Hi all, in regards to Wi-Fi and specifically RADIUS in the general sense and in the scope of generic and non-Cisco proprietary implementations of Wi-Fi and RADIUS, does EAP-TTLS also support mandatory client side certificates like EAP-TLS does?

Also, does EAP-TLS support Active Directory username/password authentication like EAP-TTLS does?

My understanding is EAP-TTLS supports AD credential authentication but not mandatory client side certificate authentication, and EAP-TLS supports mandatory client side certificate authentication but not AD credential authentication. Is this correct?

Regards: Elliott.

2 Replies

saravlak
Spotlight

If you want to use 802.1X with the EAP-TLS protocol, then we need both client and server certificates, and for EAP-PEAP/TTLS we need only a server certificate; the client-side cert is optional.

Authentication mode can be User or Computer for EAP-PEAP/TLS/TTLS.

Scott Fella
Hall of Fame

EAP-TLS is probably the most favored from security folks as it requires a client and server side certificate. This allows the RADIUS server (if supported) to check various attributes before authentication happens. EAP-PEAP is next in line as this is probably the most implemented EAP type and used over EAP-TTLS. The latter two don’t require a client-side certificate but credentials.

-Scott