Security

Hello,

I have a cluster of IAP-215s running Instant 6.5.4.2, authenticating to a FreeRADIUS server. Due to the recent security warnings, I am considering updating the cluster to Instant 8.3.0.6.

Is there any difference in the accepted RADIUS protocols/versions between Instant 6.5.4.2 and Instant 8.3.0.6? I have read all the release notes between these two versions and searched Aruba's site but have found no definitive listing of the supported RADIUS protocols/versions. Any info on whether the supported RADIUS protocols/versions between these two firmwares had any changes, would be appreciated.

We are running an older version of FreeRADIUS (2.1.12), which I intend to update, just can't right now for various reasons.

Thank you,

If you are not using termination on the IAP, the EAP methods on the Client and Server should match, and that should be all you would need.  If it is supported on the radius server and the client, the IAP would send the information between the two via a tunnel that would be agnostic.  The question is, what protocols are you planning to use?

Thanks for the info. We currently use EAP-TTLS, which is working great between the clients/RADIUS server/APs and I am not planning to change that. After review, I think I will instead update to 6.5.4.11 using a manual image file, as that version does fix the recent security bugs but isn't as significant a version jump as what the auto-update offers.

Thanks again,