03-15-2013 03:09 AM
First of all I want to say hi to everyone because it my first post.
I have question about deploying RSA SecurID as authentication solution in Aruba Instance environment.
I know that is deployment guide abut integration with RSA RADIUS but afaik RSA RADIUS SERVER does not support EAP-MSCHAPv2. How you guys solve it in your networks? You Use different RADIUS and native integration with RSA agent? Use different authentication protocol than EAP-MSCHAPv2?
Please help and share your experience because i'm looking equivalent solution to integration RSA with Cisco ACS.
03-17-2013 08:02 PM
RSA uses a version of Funk/Juniper SBR for radius so MSCHAPv2 should be possible. I believe that when Aruba is doing EAP-Termination with EAP-GTC as the inner-type that we use PAP to query the RSA RADIUS server. This PDF is old but discusses the RSA Radius server. The Aruba controller will cache the token that the client sends so that roaming access points doesn't cause a request for another token for the configured time period (the token cache period). These settings are under the advanced tab of your 802.1x profile.
Hope this Helps,
10-24-2013 03:42 AM - edited 10-24-2013 03:55 AM
If somebody was looking is it possible to use MSCHAPv2 with RSA Token it doesn't. It is only working with PEAP-GTC or PAP.
And Aruba solution only integrate with RSA using RADIUS not native client.