Hi, with basic config this can be done. eg ensure eap config has peap as the default , server will offer that. The client will NAK , if the server is also configured for ttls then it will offer that (next, if it's the next available configured method) client then authenticated. Alan