Wireless Access


Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.

802.1x certificates

  • 1.  802.1x certificates

    Posted Jun 01, 2015 09:14 AM

    Hi Guys

     

    Can someone please assist in directing me in the correct direction. I'm looking to enable 802.1x authentication on an SSID; I believe that some sort of certificates are needed. Who can I contact and what do I ask for...?

     

    Thanks

    Nikesh



  • 2.  RE: 802.1x certificates

    Posted Jun 01, 2015 09:16 AM

    At a bare minimum, you need a server certificate for your RADIUS server.



  • 3.  RE: 802.1x certificates
    Best Answer

    Posted Jun 02, 2015 04:16 AM

    Nikesh,

     

    On the Aruba support website, under Documentation -> Software -> ClearPass Policy Manager (eTIPS) -> Technotes (https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/EntryId/7961/Default.aspx), there is an excellent document 'CPPM - Certificates 101 Technote V1.0 .pdf' that addresses the required certificates. This document is created for ClearPass; however, because ClearPass implements open standards, the same certificate requirements apply to any 802.1x/RADIUS deployment.

     

    In a very quick summary:

    - For convenience, Windows username/password can be used; this is called EAP-MSCHAPv2, is cryptographically broken (so should be avoided if reasonably possible) and requires just a certificate on the RADIUS server.

    - For best security, client certificates are used to authenticate the client; this is called EAP-TLS. In this case, in addition to the server certificate on the RADIUS, you will need a client certificate on each client. The distribution of the client certificate makes it more difficult to deploy.

     

    The Certificate 101 guide will explain this in more depth.

     

    Herman
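
The certificate set described in the summary above, as an added example that is not part of the original thread: a private CA, a RADIUS server certificate, and one client certificate for EAP-TLS, built with OpenSSL. The CA, host and user names are constructed, and the serverAuth/clientAuth extended key usages are an assumption about what common supplicants and RADIUS servers check, not something stated in the thread.

```shell
#!/bin/sh
# Constructed lab names: "Example Lab CA", radius.example.test, user1@example.test.

# Build a private CA, a RADIUS server certificate and one EAP-TLS client
# certificate in directory $1. Runs in a subshell so the caller's cwd is kept.
make_8021x_certs() (
    mkdir -p "$1" && cd "$1" || exit 1
    cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Lab CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Root CA: ca.pem is the certificate every supplicant must be told to trust.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config ca.cnf \
        -keyout ca.key -out ca.pem 2>/dev/null || exit 1
    # issue <file stem> <subject CN> <EKU>: new key and CSR, signed by the lab CA.
    issue() {
        printf 'extendedKeyUsage=%s\n' "$3" > "$1.ext"
        openssl req -new -newkey rsa:2048 -nodes -config ca.cnf -subj "/CN=$2" \
            -keyout "$1.key" -out "$1.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$1.csr" -CA ca.pem -CAkey ca.key -CAcreateserial \
            -days 365 -extfile "$1.ext" -out "$1.pem" 2>/dev/null
    }
    # Server cert: all that password-based EAP needs. Client cert: added for EAP-TLS.
    issue server radius.example.test serverAuth || exit 1
    issue client user1@example.test clientAuth || exit 1
)

# cert_ok_for <dir> <sslserver|sslclient> <cert file>: succeeds only when the
# certificate chains to the lab CA and its EKU permits that role.
cert_ok_for() {
    openssl verify -CAfile "$1/ca.pem" -purpose "$2" "$1/$3" >/dev/null 2>&1
}

# Demo run in a scratch directory.
demo_dir=$(mktemp -d) && make_8021x_certs "$demo_dir" \
    && cert_ok_for "$demo_dir" sslserver server.pem \
    && cert_ok_for "$demo_dir" sslclient client.pem \
    && echo "server and client certificates issued in $demo_dir"
```

The `cert_ok_for` check also shows why the two certificates are not interchangeable: the client certificate fails verification for the server role and vice versa.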



  • 4.  RE: 802.1x certificates

    Posted Jun 02, 2015 10:03 AM

    Thanks, I will read through the document and provide feedback.