Wireless Access

New Contributor
Posts: 2
Registered: ‎05-27-2015

802.1x certificates

Hi Guys

Can someone please assist in directing me in the correct direction? I'm looking to enable 802.1x authentication on an SSID; I believe that some sort of certificates are needed. Who can I contact and what do I ask for...?

Thanks

Nikesh

Guru Elite
Posts: 8,338
Registered: ‎09-08-2010

Re: 802.1x certificates

At a bare minimum, you need a server certificate for your RADIUS server.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 447
Registered: ‎11-04-2011

Re: 802.1x certificates

Nikesh,

On the Aruba support Website, under Documentation -> Software -> ClearPass Policy Manager (eTIPS) -> Technotes (https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/EntryId/7961/Default.aspx), there is an excellent document 'CPPM - Certificates 101 Technote V1.0 .pdf' that addresses the required certificates. This document is created for ClearPass; however, because ClearPass implements open standards, the same certificate requirements apply to any 802.1x/RADIUS deployment.

In a very quick summary:

- For convenience, Windows username/password can be used; this is called EAP-MSCHAPv2, is cryptographically broken (so should be avoided if reasonably possible) and requires just a certificate on the RADIUS server.

- For best security, client certificates are used to authenticate the client; this is called EAP-TLS. In this case, in addition to the server certificate on the RADIUS, you will need a client certificate on each client. The distribution of the client certificate makes it more difficult to deploy.

The Certificate 101 guide will explain this in more depth.

Herman

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC.
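
The certificate roles summarised in the reply above, as an added example that is not part of the thread and is not Aruba's or ClearPass's own procedure: a throwaway lab PKI built with openssl, containing a root CA, a RADIUS server certificate (the only one the username/password method needs) and a client certificate (additionally needed for EAP-TLS), followed by a check that each certificate is accepted only for its own role. The names `radius.example.test` and `laptop01.example.test`, the lifetimes and the key sizes are constructed assumptions.

```sh
#!/bin/sh
# Added example: throwaway lab PKI for 802.1X. All names, lifetimes and key
# sizes are constructed assumptions, not values from the thread or from Aruba.
set -eu

make_8021x_pki() {   # $1 = output directory
  mkdir -p "$1"
  (
    cd "$1"
    umask 077        # private keys readable by the owner only
    cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Root CA: every supplicant must trust this to validate the RADIUS server.
    openssl req -x509 -config pki.cnf -newkey rsa:2048 -nodes -sha256 -days 3650 \
      -subj "/CN=Example Lab Root CA" -keyout ca.key -out ca.pem
    # One leaf per role: the server certificate is needed by both methods in
    # the summary above, the client certificate only by EAP-TLS.
    for leaf in server:serverAuth:radius.example.test client:clientAuth:laptop01.example.test; do
      name=${leaf%%:*}; rest=${leaf#*:}; eku=${rest%%:*}; cn=${rest#*:}
      printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=%s\nsubjectAltName=DNS:%s\n' \
        "$eku" "$cn" > "$name.ext"
      openssl req -new -config pki.cnf -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=$cn" -keyout "$name.key" -out "$name.csr"
      openssl x509 -req -in "$name.csr" -CA ca.pem -CAkey ca.key -CAcreateserial \
        -sha256 -days 397 -extfile "$name.ext" -out "$name.pem"
    done
  )
}

# True when the certificate chains to the lab CA and its EKU allows the role.
cert_fits_role() {   # $1 = dir, $2 = sslserver|sslclient, $3 = certificate file
  openssl verify -CAfile "$1/ca.pem" -purpose "$2" "$1/$3" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_8021x_pki "$demo_dir"
cert_fits_role "$demo_dir" sslserver server.pem && echo "server.pem: usable as RADIUS server cert"
cert_fits_role "$demo_dir" sslclient client.pem && echo "client.pem: usable as EAP-TLS client cert"
cert_fits_role "$demo_dir" sslclient server.pem || echo "server.pem: rejected as a client cert"
```

The private keys are written unencrypted (`-nodes`), which suits a disposable lab directory only.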
New Contributor
Posts: 2
Registered: ‎05-27-2015

Re: 802.1x certificates

Thanks, I will read through the document and provide feedback.
