Security

Reply
New Contributor
Posts: 3
Registered: ‎01-23-2013

Possibility of rsa secure-id for two-factor authentication in Aruba Controller/Airwave/CPPM

Aruba Community,

 

Hope all is well.

 

I would like to request assistance if its possible to integrate RSA Token for 2-factor authentication in Aruba Controller/Airwave/CPPM.  We are hardening our environment and my Manager wanted me to explore this option. 


Appreciate any input to get this started.  Also,  if anyone implemented this in their environment that would be great. 

 

 

 

Sincerely,

 

Dante

Guru Elite
Posts: 19,982
Registered: ‎03-29-2007

Re: Possibility of rsa secure-id for two-factor authentication in Aruba Controller/Airwave/CPPM

[ Edited ]

I will let others chime in about their specific experience with deployments:

 

Authentication with RSA secure-ID is possible with the controller, or with the additional policy infrastructure of Clearpass Policy manager.  Both methods require that your wireless endpoints have a supplicant installed that supports EAP-GTC.  EAP-GTC is necessary due to the method that RSA uses for authentication.  The built-in Windows supplicant does not support EAP-GTC.  Juniper Odyssey is probably the most popular and flexible client-side supplicant. The advantage of using ClearPass instead of the controller allows you to make additional policy decisions based on attributes returned from AD based on the username that the user logs into RSA with.

 

Important supported aspects of of ClearPass or controller deployment is something called "Token Caching", where the user does not have to key in his/her pincode every time the laptop roams.

 

For logging into the management interfaces of Airwave, the controller, and ClearPass, RSA Token Authentication is supported without loading a supplicant on your endpoint devices.  This is done authenticating directly to RSA using radius.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Occasional Contributor II
Posts: 29
Registered: ‎08-06-2013

Re: Possibility of rsa secure-id for two-factor authentication in Aruba Controller/Airwave/CPPM

Hi Cjoseph,

 

Do you have a walkthrough/documentation on how to setup the logging to the management interfaces of the aruba controller, airwave, and CPPM using RSA?

 


Thanks alot!

 

Oliver

MVP
Posts: 1,399
Registered: ‎10-25-2011

Re: Possibility of rsa secure-id for two-factor authentication in Aruba Controller/Airwave/CPPM

I would be very interested in this as well. Customer of ours was audited and this is now on the agenda.
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Guru Elite
Posts: 19,982
Registered: ‎03-29-2007

Re: Possibility of rsa secure-id for two-factor authentication in Aruba Controller/Airwave/CPPM


oliverm wrote:

Hi Cjoseph,

 

Do you have a walkthrough/documentation on how to setup the logging to the management interfaces of the aruba controller, airwave, and CPPM using RSA?

 


Thanks alot!

 

Oliver


Oliverm,

 

The audit trail log in the controller should say who logs in and logs out of the management interface.  Is that what you are talking about?

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
MVP
Posts: 1,399
Registered: ‎10-25-2011

Re: Possibility of rsa secure-id for two-factor authentication in Aruba Controller/Airwave/CPPM

I believe he is referring to using RSA to log into the management interfaces of said devices.
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Guru Elite
Posts: 19,982
Registered: ‎03-29-2007

Re: Possibility of rsa secure-id for two-factor authentication in Aruba Controller/Airwave/CPPM

I do not have the documentation, but the RSA server is a radius server, as well, and the controller can authenticate to that.  He probably should contact RSA for authentication as well as authorization configuration steps....  I'm sorry:(...

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Search Airheads
Showing results for 
Search instead for 
Did you mean: