I saw this at a client that has a captive portal and a Windows NPS as a RADIUS server for the users that connect to this network.
As far as I understand, that wouldn't be 802.1X; it's just a captive portal that validates with a RADIUS server.
If they are using HTTP for authentication on the L3 authentication profile, it means that the user and password travel unencrypted, right? I mean in plain text...
Please note that the default and recommended setting for captive portal authentication is over HTTPS with your own publicly signed certificate. In that case, the password is protected between client and controller/IAP with SSL. Only if you configure the captive portal not to use HTTPS, and switch down to HTTP, will the user credentials go in the clear. Between the controller and your RADIUS server, consider the credentials unencrypted, as they either are or the protection used is too weak. Make sure that path is more or less trusted when using PAP/CHAP/MSCHAP (non-EAP).
No, it's over HTTP. Also, they don't have a public certificate.
I'll just propose 802.1X with EAP-TLS to them, instead of doing MAC auth and that captive portal auth for internal users, which I believe is the best.
Thanks, it's just that I saw that at a client and I wanted to alert them about this, as we didn't configure this controller.
Thank you Collin.