Occasional Contributor II

Question On EAP PEAP And Certificates

We are implementing dot1x authentication using ClearPass as the radius server. I am trying to understand how to prevent users from creating a new wireless network profile and bypassing the Radius server certificates.


Currently a user can create a new profile and not click on Validate server certificate by passing the EAP tunnel and sending their passwords not in a tunnel.



Is there something on the Aruba controller I can do to enforce this in the AAA autentication profile or in ClearPass?








Guru Elite

Re: Question On EAP PEAP And Certificates

Unfortunately no. It's a client-side configuration. The recommendation would
be to use EAP-TLS if this is a concern.

Tim Cappalli | Aruba Security
@timcappalli | | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: