- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎03-13-2025 04:36 AM
Hello Community,
We have upgraded from Win 10 to Win 11 and are currently using EAP PEAP as the 802.1x authentication method. I was told this would no longer work with Win 11 and we would need to implement EAP TLS. I understand EAP TLS is not available for the version of XIQ SE we have - 23.4.12.3.
However, I believe later version of XIQ SE support EAP TLS. If this is not the case please let me know. Could anyone let me know which minimum version of XIQ SE supports EAP TLS for XIQ SE and will I need a root certificate to be installed on XIQ SE and the NAC devices?
Is there a guide or similar I could use to Implement EAP TLS?
Currently, we use the built in 802.1x authentication via a LDAP server. This I believe supports MsCHAP, PEAP and EAP-MsCHAPV2 only.
Many Thanks,
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎03-13-2025 05:28 AM - edited ‎03-13-2025 05:30 AM
Hi Asifi,
Any version of XIQ-SE supports EAP-TLS.
If you want EAP-PEAP to be still supported in Windows 11 clients, you will probably need to disable Credential Guard feature.
These links might be useful:
https://extreme-networks.my.site.com/ExtrArticleDetail?an=000100238&q=windows%2011%20802%201x
However, using EAP-TLS is a way better than EAP-PEAP in terms of security.
REGARDS, Robert
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎03-13-2025 06:34 AM
@Robert_Zdzieblo - thank you for confirming. Can I update the existing authentication to use EP TLS or will this require new rules?
Thanks,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎03-13-2025 05:28 AM - edited ‎03-13-2025 05:30 AM
Hi Asifi,
Any version of XIQ-SE supports EAP-TLS.
If you want EAP-PEAP to be still supported in Windows 11 clients, you will probably need to disable Credential Guard feature.
These links might be useful:
https://extreme-networks.my.site.com/ExtrArticleDetail?an=000100238&q=windows%2011%20802%201x
However, using EAP-TLS is a way better than EAP-PEAP in terms of security.
REGARDS, Robert
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎03-13-2025 05:26 AM - edited ‎03-13-2025 05:27 AM
Hi Asifi,
PEAP is available in Windows 11:
EAP-TLS is available since the beginning of XIQ-SE. Documentation: https://emc.extremenetworks.com/content/search.htm?q=eap-tls
Anyway, I heavily recommend upgrading to recent version of XIQ-SE because of new features and security patches.
Sincerely yours
Zdenek
