Saturday, February 20, 2021

EAP-FAST w/o using PAC

Good morning all. I'm curious about the strategy to set up your enterprise WLAN service with EAP-FAST, but in ISE I can see that we don't use PACs and we have both "Accept Client Certificate" and "Allow Machine Authentication" checked [Enable EAP Chaining is also checked]. I'm a bit perplexed because I'm reading that EAP-FAST allows you to achieve mutual authentication w/o certificates.

So my understanding is that by setting the environment up like this, we are using EAP-FAST with machine certificates and AD login [Allow EAP-MS-CHAPv2 is also selected in this authentication profile] to cryptographically "bind" the authentications and perform EAP chaining. Do I have this right?

I'm just curious about why it is done this way vs. just allowing PAC files to be generated, etc. It seems like that would be less complex; however, maybe it's not as secure? I appreciate any feedback. I'm trying to upskill in WLAN authentication and ISE, etc.


