Security


Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

Aruba Instant RADIUS Login for Web UI

  • 1.  Aruba Instant RADIUS Login for Web UI

    Posted Sep 07, 2021 12:42 PM
    Hello everyone,

    I am in the process of setting up our Aruba Instant to use domain logins through the use of a RADIUS server. I have already added in the details for the server into the controller, and have also set up the corresponding policies in the NPS server.

    The one thing I can't seem to figure out is how to make the login attempts use a secure protocol. I can see that the controller is directing the login attempts to the NPS server, but it is using PAP. Is there an easy way in the GUI or CLI to change this to use a more secure protocol?

    Our Aruba switches for example use our NPS server for the GUI and SSH logins. I was able to run a command that has them using EAP-MSCHAPv2. I am hoping that the logins for the access points can be secured in a similar fashion.

    Thanks!


  • 2.  RE: Aruba Instant RADIUS Login for Web UI
    Best Answer

    Posted Sep 08, 2021 03:53 AM
    https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=4940

    Note that in practice the security of MSCHAPv2 is broken and should be considered nearly as insecure as PAP. It's recommended to run your RADIUS traffic over trusted connections only, or use a VPN/IPSec to protect it on non-trusted networks.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------