Contributor II
Posts: 70
Registered: ‎05-01-2015

What is the difference between Terminated on Controller and Not Terminated on Controller?

Hi guys,

I saw the option on the Controller's GUI, but I still don't understand the point of terminated on controller.

Could someone explain it, please?

Guru Elite
Posts: 8,320
Registered: ‎09-08-2010

Re: What is the difference between Terminated on Controller and Not Terminated on Controller?

Contributor II
Posts: 70
Registered: ‎05-01-2015

Re: What is the difference between Terminated on Controller and Not Terminated on Controller?

Thanks a lot, so the whole point of terminated on controller is that the role of the controller is played.

If we enable the termination on controller, then the controller would act like an authenticator.

If we disable the termination on controller, then the controller just simply sends the packets to the RADIUS server, and the RADIUS server would act like an authenticator and an authentication server at the same time.

Is that right?

Guru Elite
Posts: 8,320
Registered: ‎09-08-2010

Re: What is the difference between Terminated on Controller and Not Terminated on Controller?

The controller is still the authenticator.

Termination:
Controller >> [LDAP/S] >> AD/LDAP
TLS tunnel: Client >> Controller

Not terminated:
Controller >> [RADIUS] >> RADIUS server >> AD/LDAP
TLS tunnel: Client >> RADIUS server


You should definitely terminate on a RADIUS server.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II
Posts: 70
Registered: ‎05-01-2015

Re: What is the difference between Terminated on Controller and Not Terminated on Controller?

Thanks again, it looks like I have to learn about the TLS first.

Guru Elite
Posts: 8,320
Registered: ‎09-08-2010

Re: What is the difference between Terminated on Controller and Not Terminated on Controller?

When using a tunneled EAP protocol like EAP-PEAP or EAP-TTLS, a secure tunnel is built between the client and RADIUS server (or controller if using termination) to exchange network credentials.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
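
Added example, not part of the thread: a Python check to run over the payload of a RADIUS packet captured between the controller and the RADIUS server. It reports whether the controller is relaying EAP-PEAP or EAP-TTLS, which is the "not terminated" case where the TLS tunnel ends on the RADIUS server. The function names and the sample packets are constructed for illustration.

```python
import struct

EAP_MESSAGE = 79                              # RADIUS attribute type (RFC 3579)
TUNNELED = {21: "EAP-TTLS", 25: "EAP-PEAP"}   # EAP method numbers (IANA registry)

def radius_attributes(packet: bytes):
    """Yield (type, value) for every attribute in a RADIUS packet (RFC 2865)."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20                                  # skip header + 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        yield atype, packet[pos + 2:pos + alen]
        pos += alen

def tunneled_method(packet: bytes):
    """Name the tunneled EAP method this RADIUS packet relays, else None."""
    # An EAP packet over 253 bytes is split across several EAP-Message attributes.
    eap = b"".join(v for t, v in radius_attributes(packet) if t == EAP_MESSAGE)
    if len(eap) < 5:                          # code, id, length (2 bytes), type
        return None
    code, _id, _length, method = struct.unpack("!BBHB", eap[:5])
    if code not in (1, 2):                    # only Request/Response have a type
        return None
    return TUNNELED.get(method)               # Identity (1) and others -> None

# --- constructed sample data, not a real capture ---
def eap_response(method: int, data: bytes) -> bytes:
    return struct.pack("!BBHB", 2, 5, 5 + len(data), method) + data

def access_request(eap: bytes, user: bytes = b"alice") -> bytes:
    attrs = bytes([1, 2 + len(user)]) + user  # User-Name
    for i in range(0, len(eap), 253):
        chunk = eap[i:i + 253]
        attrs += bytes([EAP_MESSAGE, 2 + len(chunk)]) + chunk
    return struct.pack("!BBH", 1, 7, 20 + len(attrs)) + bytes(16) + attrs

if __name__ == "__main__":
    peap = access_request(eap_response(25, b"\x00" + b"\x16\x03\x01" * 100))
    ident = access_request(eap_response(1, b"alice"))
    print(tunneled_method(peap), tunneled_method(ident))
```

The first Access-Request of a session normally carries only the EAP Identity response, so check the later packets of the exchange before concluding that no tunneled method is being relayed.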