Identity Privacy/Anonymous outer identities with PEAP in NAC

Michael_Kirchne
Contributor
Hi,

is it possible to configure "Identity Privacy" with PEAP in NAC? This is possible with Microsoft NPS and is an option in common OS like Windows or Android. The key point is that the outer method does not include the "real" username. So if anyone captures the RADIUS traffic the username is not sent in plaintext.

As this feature is possible with FreeRADIUS I expect it should also be possible with NAC?

Best Regards
Michael

Tomasz
Valued Contributor II

Hi Sam,

I just saw those lines at the end of the post are actually a white-colored hyperlink to some website, crap marketing at its finest. 😄

Cheers,

Tomasz

SamPirok
Community Manager

Hi @Lauretta, this thread is about 6 years old, you might have better luck creating a new thread to get feedback on this topic. 

Michael_Kirchne
Contributor
Hi Tyler,

thanks for your reply. The possibility to proxy the request to NPS is possible but in my common scenarios the NAC acts as RADIUS endpoint, so it would be interesting if NAC can handle this without RADIUS Proxy.

Best Regards,
Michael

TylerMarcotte
Extreme Employee
Michael - if you are proxying to another RADIUS server, you should be able to set it up there. I'm not sure if it's something you can do when terminating on a NAC appliance though. With that said, you have to be careful when doing that if you're planning on using rules based on username. If you have an anonymous outer-identity and are proxying to another server, then I believe we will only see that outer-identity when evaluating the rules. You can, however, send back the username in the RADIUS Accept message to have it updated correctly in NAC and be able to use the rules.
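
The behaviour discussed in this thread, as an added example that is not part of any post and is not Extreme NAC or NPS code: a minimal RFC 2865 attribute parser showing that an Access-Request with identity privacy exposes only the anonymous outer identity, and that a User-Name returned in the Access-Accept can replace it for username-based rules. The packets, the identities and the `session_identity` helper are constructed for illustration.

```python
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, EAP_MESSAGE = 1, 79          # RFC 2865 / RFC 3579 attribute types

def build_packet(code, ident, attrs):
    """Build a sample RADIUS packet (constructed; authenticator zeroed)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH16s", code, ident, 20 + len(body), bytes(16)) + body

def parse_packet(data):
    """Return (code, identifier, {type: [values]}), rejecting bad lengths."""
    if len(data) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, ident, length, _auth = struct.unpack("!BBH16s", data[:20])
    if length < 20 or length > len(data):
        raise ValueError("length field does not match packet")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = data[pos], data[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(a_type, []).append(data[pos + 2:pos + a_len])
        pos += a_len
    return code, ident, attrs

def user_name(data):
    """User-Name as it appears in cleartext on the wire, or None."""
    values = parse_packet(data)[2].get(USER_NAME)
    return values[0].decode("utf-8", "replace") if values else None

def session_identity(request, accept):
    """Name for rule evaluation: Accept's User-Name if sent, else outer identity."""
    if parse_packet(request)[0] != ACCESS_REQUEST or parse_packet(accept)[0] != ACCESS_ACCEPT:
        raise ValueError("expected an Access-Request / Access-Accept pair")
    return user_name(accept) or user_name(request)

# Constructed sample exchange: the supplicant uses an anonymous outer identity.
OUTER = b"anonymous@example.org"
EAP_ID = struct.pack("!BBHB", 2, 1, 5 + len(OUTER), 1) + OUTER  # EAP-Response/Identity
REQ = build_packet(ACCESS_REQUEST, 7, [(USER_NAME, OUTER), (EAP_MESSAGE, EAP_ID)])
ACC = build_packet(ACCESS_ACCEPT, 7, [(USER_NAME, b"alice@example.org")])
ACC_NO_NAME = build_packet(ACCESS_ACCEPT, 7, [])

if __name__ == "__main__":
    print("visible in capture:", user_name(REQ))
    print("used for rules    :", session_identity(REQ, ACC))
    print("without User-Name :", session_identity(REQ, ACC_NO_NAME))
```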