06-01-2015 06:13 AM
Can someone please assist in directing me in the correct direction. Im looking to enable 802.1x authentication on an SSID, i believe that some sort of certificates are needed. Who can i contact and what do i ask for...?
Solved! Go to Solution.
06-02-2015 01:16 AM
On the Aruba support Website, under Documentation -> Software -> ClearPass Policy Manager (eTIPS) -> Technotes (https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/EntryId/7961/Default.aspx), there is an excellent document 'CPPM - Certificates 101 Technote V1.0 .pdf' that addresses the required certificates. This document is created for ClearPass, however because ClearPass implements open standards, the same certificate requirements apply to any 802.1x/RADIUS deployment.
In a very quick summary:
- For convenience, Windows Username/password can be used, this is called EAP-MSCHAPv2, is cryptographically broken (so should be avoided if reasonally be possible) and requires just a certificate on the RADIUS server.
- For best security, client certificates are used to authenticate the client, this is called EAP-TLS. In this case, in addition to the server certificate on the RADIUS, you will need a client certificate on each client. The distribution of the client certficate makes it more difficult to deploy.
The Certificate 101 guide will explain this in more depth.
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).