Controllerless Networks


Does the IAP only support PAP for Admin Authentication

  • 1.  Does the IAP only support PAP for Admin Authentication

    Posted Sep 11, 2020 04:35 AM

    Hi all, I am running an infrastructure with Aruba Instant 505 on. The SSID is based on peap-eap-tls on an external RADIUS server, and admin authentication also uses this RADIUS server. The issue is that it uses PAP authentication by default for management admin access. Is there a way to use a non-plaintext protocol with RADIUS, like PEAP MSCHAPv2, for admin management access instead of using PAP?

    If not, do LDAP or TACACS handle it? If yes, do you have the CLI configuration to make it work?

    Thank you very much in advance all.

  • 2.  RE: Does the IAP only support PAP for Admin Authentication

    MVP GURU
    Posted Sep 14, 2020 08:27 AM

    I don't believe there is a way to set the auth type on the IAPs to use MSCHAP vs PAP for RADIUS or TACACS+ login. In the controller-based deployments you can.

  • 3.  RE: Does the IAP only support PAP for Admin Authentication

    EMPLOYEE
    Posted Sep 14, 2020 08:28 AM

    You can use RADIUS or TACACS+ for remote Admin Authentication on IAP.

    Please note that TACACS+ and MSCHAPv2 (if that were possible) use weak encryption, so you should not really rely on that for your security. Make sure your management communication runs over secure connections or deploy IPsec to connect to your Authentication server segment.
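
As background to the exchange above (an added example, not part of the thread and not Aruba's code): in a RADIUS Access-Request, the PAP User-Password attribute is hidden as defined in RFC 2865 section 5.2, using an MD5 keystream derived from the shared secret and the 16-byte Request Authenticator. The function names, shared secret and password below are constructed for illustration.

```python
import hashlib
import os


def _xor16(block: bytes, mask: bytes) -> bytes:
    return bytes(b ^ m for b, m in zip(block, mask))


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Client (NAS) side of RFC 2865 section 5.2 User-Password hiding."""
    if len(request_auth) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    # Pad with NUL bytes to a multiple of 16.
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        # b_n = MD5(secret + previous ciphertext block), b_1 uses the authenticator.
        mask = hashlib.md5(secret + prev).digest()
        prev = _xor16(padded[i:i + 16], mask)
        out += prev
    return out


def recover_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: the same keystream, so knowing the shared secret is enough."""
    if len(request_auth) != 16 or len(hidden) % 16 or not 16 <= len(hidden) <= 128:
        raise ValueError("malformed User-Password attribute or authenticator")
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += _xor16(block, mask)
        prev = block
    return out.rstrip(b"\x00")


if __name__ == "__main__":
    secret = b"constructed-shared-secret"   # constructed sample value
    request_auth = os.urandom(16)           # random per Access-Request
    hidden = hide_password(b"constructed-admin-pw", secret, request_auth)
    print(hidden.hex(), recover_password(hidden, secret, request_auth))
```

The only thing protecting the admin password on the wire is the RADIUS shared secret, so a long random secret and the protected path to the authentication server recommended in the reply above both matter.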