Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

TEAP Configuration for Windows Client

TEAP (Tunneled Extensible Authentication Protocol) is a tunnel-based EAP method that enables secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel. Within the tunnel, TLV objects are used to convey authentication-related data between the EAP peer and the EAP server. (RFC 7170 - Tunnel Extensible Authentication Protocol )

Currently TEAP support is available for Windows 10 Version and above.

As of now, you can configure wireless and wired profile with TEAP manually or through scripts, which can be distributed using MDM or GPO. Current MDM solutions do not provide out-of-the box support for TEAP configuration.

  1. Navigate to Control Panel > Network and Sharing Centre and click Set up a new connection or network.
    Figure 1: TEAP Configuration - Set up New Connection TEAP Configuration - Set up New Connection
  2. Select the Manually connect to a wireless network option.
    Figure 2: TEAP Configuration - Select Manually Connect Option TEAP Configuration - Select Manually Connect Option
  3. Enter the details for the wireless network.
    Figure 3: TEAP Configuration - Enter Wireless Network Details TEAP Configuration - Enter Wireless Network Details
    • Network Name—Provide an SSID name.
    • Security Type—Select the WPA3-Enterprise option.

    Click Next.

  4. Click Change connection settings.
    Figure 4: TEAP Configuration - Change Settings for Network TEAP Configuration - Change Settings for Network
  5. In the Wireless Network Properties, enter the details.
    Figure 5: TEAP Configuration - Choose Authentication Method TEAP Configuration - Choose Authentication Method
    • Choose a network authentication method—Select Microsoft:Tunnel EAP (TEAP).
    Click Settings.
  6. In the TEAP Properties window, select the options.
    Figure 6: TEAP Configuration - Select TEAP Properties TEAP Configuration - Select TEAP Properties
    • Connect to these servers—Enter auth.mist.com.
    • Trusted Root Certification Authorities—Select trusted Root CA for the client to validate Mist Access Assurance server certificate (or your custom RADIUS server certificate)
    • Select a primary EAP methods for authentication—Microsoft Smart Card or other certificate (EAP-TLS)
    • Select a secondary EAP methods for authentication—Microsoft Smart Card or other certificate (EAP-TLS)

    Click Configure for each of the EAP-TLS options.

  7. For each option, ensure Use simple certificate selection (Recommended) is selected and check the same Root CA to enable the client to trust Mist Access Assurance server certificate.
    Figure 7: TEAP Configuration - Choose Root CA TEAP Configuration - Choose Root CA

    Click OK.