Security

Reply
Occasional Contributor II
Posts: 18
Registered: ‎09-16-2015

Question On EAP PEAP And Certificates

We are implementing dot1x authentication using ClearPass as the radius server. I am trying to understand how to prevent users from creating a new wireless network profile and bypassing the Radius server certificates.

 

Currently a user can create a new profile and not click on Validate server certificate by passing the EAP tunnel and sending their passwords not in a tunnel.

 

 

Is there something on the Aruba controller I can do to enforce this in the AAA autentication profile or in ClearPass?

 

 

 

 

 

 

 

Guru Elite
Posts: 8,643
Registered: ‎09-08-2010

Re: Question On EAP PEAP And Certificates

Unfortunately no. It's a client-side configuration. The recommendation would
be to use EAP-TLS if this is a concern.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: