Controllerless Networks

New Contributor

Does the IAP only support PAP for Admin Authentication

Hi all, I am running an infrastructure with Aruba instant 505 on. SSID based on peap-eap-tls on external Radius and Admin authentication also with this Radius. The issue is that it's by default using PAP authentication for management admin access. Is there a way to use a non plaintext protocol with a radius like PEAP mschav2 for admin management access? Instead of using PAP. 

If not.. Do LDAP or TACACS  handle it? if yes.. do you have the cli configuration to make it work ?


Thank you very much in advance all.



Super Contributor II

Re: Does the IAP only support PAP for Admin Authentication

I don't believe there is a way to set the auth type on the IAPs to use mschap vs PAP for RADIUS or TACACS+ login. In the controller based deployments you can. 



Dustin Burns
Senior Mobility and Access Engineer @WEI
ACMX #509 | ACCX #1272 | ACSA | ACDA | ACEA | CCNP | CCDP | CCNA Wireless

If my post address your queries, give kudos and accept as solution!
MVP Guru

Re: Does the IAP only support PAP for Admin Authentication

You can use RADIUS or TACACS+ for remote Admin Authentication on IAP.


Please note that TACACS+ and MSCHAPv2 (if that were possible) use weak encryption so you should not really rely on that for your security. Make sure your management communication runs over secure connections or deploy IPSec to connect to your Authentication server segment.

If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Search Airheads
Showing results for 
Search instead for 
Did you mean: