https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=4940
Note that in practice the security of MSCHAPv2 is broken and should be considered nearly as insecure as PAP. It's recommended to run your RADIUS traffic over trusted connections only, or use a VPN/IPSec to protect it on non-trusted networks.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Sep 07, 2021 12:41 PM
From: Tyler Long
Subject: Aruba Instant RADIUS Login for Web UI
Hello everyone,
I am in the process of setting up our Aruba Instant to use domain logins through the use of a RADIUS server. I have already added in the details for the server into the controller, and have also setup the corresponding policies in the NPS server.
The one thing I can't seem to figure out is how to make the login attempts use a secure protocol. I can see that the controller is directing the login attempts to the NPS server, but it is using PAP. Is there an easy way in the GUI or CLI to change this to use a more secure protocol?
Our Aruba switches for example use our NPS server for the GUI and SSH logins. I was able to run a command that has them using EAP-MSCHAPv2. I am hoping that the logins for the access points can be secured in a similar fashion.
Thanks!