Occasional Contributor II

Question On EAP PEAP And Certificates

We are implementing dot1x authentication using ClearPass as the radius server. I am trying to understand how to prevent users from creating a new wireless network profile and bypassing the Radius server certificates.


Currently a user can create a new profile and not click on Validate server certificate by passing the EAP tunnel and sending their passwords not in a tunnel.



Is there something on the Aruba controller I can do to enforce this in the AAA autentication profile or in ClearPass?








Guru Elite

Re: Question On EAP PEAP And Certificates

Unfortunately no. It's a client-side configuration. The recommendation would
be to use EAP-TLS if this is a concern.

| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
Showing results for 
Search instead for 
Did you mean: