Security

Reply
Highlighted
Occasional Contributor II

Question On EAP PEAP And Certificates

We are implementing dot1x authentication using ClearPass as the radius server. I am trying to understand how to prevent users from creating a new wireless network profile and bypassing the Radius server certificates.

 

Currently a user can create a new profile and not click on Validate server certificate by passing the EAP tunnel and sending their passwords not in a tunnel.

 

 

Is there something on the Aruba controller I can do to enforce this in the AAA autentication profile or in ClearPass?

 

 

 

 

 

 

 


Accepted Solutions
Highlighted
Moderator

Re: Question On EAP PEAP And Certificates

Unfortunately no. It's a client-side configuration. The recommendation would
be to use EAP-TLS if this is a concern.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post


All Replies
Highlighted
Moderator

Re: Question On EAP PEAP And Certificates

Unfortunately no. It's a client-side configuration. The recommendation would
be to use EAP-TLS if this is a concern.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: