Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

What is the difference between Terminated on Controller and Not Terminated on Controller?

  • 1.  What is the difference between Terminated on Controller and Not Terminated on Controller?

    Posted Nov 22, 2015 10:25 PM

    Hi guys,

    I saw the option on the Controller's GUI, but I still don't understand the point of terminated on controller.

    Could someone explain it, please?



  • 2.  RE: What is the difference between Terminated on Controller and Not Terminated on Controller?
    Best Answer



  • 3.  RE: What is the difference between Terminated on Controller and Not Terminated on Controller?

    Posted Nov 22, 2015 10:42 PM

    Thanks a lot, so the whole point of terminated on controller is that the role of the controller is played.

    If we enable the termination on controller, then the controller would act like an authenticator.

    If we disable the termination on controller, then the controller just simply sends the packets to the RADIUS server, and the RADIUS server would act like an authenticator and an authentication server at the same time.

    Is that right?



  • 4.  RE: What is the difference between Terminated on Controller and Not Terminated on Controller?

    EMPLOYEE
    Posted Nov 22, 2015 10:46 PM

    The controller is still the authenticator.

    Termination:
    Controller >> [LDAP/S] >> AD/LDAP
    TLS tunnel: Client >> Controller

    Not terminated:
    Controller >> [RADIUS] >> RADIUS server > AD/LDAP
    TLS tunnel: Client >> RADIUS server


    You should definitely terminate on a RADIUS server.



  • 5.  RE: What is the difference between Terminated on Controller and Not Terminated on Controller?

    Posted Nov 22, 2015 10:52 PM

    Thanks again, it looks like I have to learn about TLS first.



  • 6.  RE: What is the difference between Terminated on Controller and Not Terminated on Controller?

    EMPLOYEE
    Posted Nov 22, 2015 10:54 PM

    When using a tunneled EAP protocol like EAP-PEAP or EAP-TTLS, a secure tunnel is built between the client and RADIUS server (or controller if using termination) to exchange network credentials.
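
An added example, not part of the original thread or any Aruba code: in the non-terminated case the controller relays the client's EAP frames to the RADIUS server inside RADIUS EAP-Message attributes (type 79, RFC 3579), so a captured Access-Request shows which EAP method is being negotiated end to end. The sketch below reassembles those attributes and reports the method and whether it is tunneled; the sample packets are constructed, and `build_access_request` is a hypothetical helper used only to create them.

```python
import struct

EAP_MESSAGE = 79   # RADIUS attribute type carrying EAP (RFC 3579)
EAP_METHODS = {1: "Identity", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "EAP-PEAP"}
TUNNELED = {21, 25}   # methods that carry inner credentials inside a TLS tunnel

def radius_attributes(packet: bytes):
    """Yield (type, value) for every attribute in a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        yield a_type, packet[pos + 2:pos + a_len]
        pos += a_len

def eap_method(packet: bytes):
    """Return (method name, is_tunneled) for the EAP carried in the packet."""
    # One EAP packet may be split over several EAP-Message attributes.
    eap = b"".join(v for t, v in radius_attributes(packet) if t == EAP_MESSAGE)
    if len(eap) < 5:
        return None, False          # no EAP, or Success/Failure (no type byte)
    code, _ident, _length, m_type = struct.unpack("!BBHB", eap[:5])
    if code not in (1, 2):          # only Request/Response carry a type
        return None, False
    return EAP_METHODS.get(m_type, f"type {m_type}"), m_type in TUNNELED

def build_access_request(eap: bytes) -> bytes:
    """Constructed sample: Access-Request with EAP split into <=253-byte chunks."""
    chunks = (eap[i:i + 253] for i in range(0, len(eap), 253))
    attrs = b"".join(bytes([EAP_MESSAGE, len(c) + 2]) + c for c in chunks)
    return struct.pack("!BBH", 1, 7, 20 + len(attrs)) + bytes(16) + attrs

# Constructed EAP-Responses: a PEAP fragment (306 bytes) and a plain Identity.
PEAP = struct.pack("!BBHB", 2, 5, 306, 25) + b"\x00" + bytes(300)
IDENTITY = struct.pack("!BBHB", 2, 1, 10, 1) + b"alice"

if __name__ == "__main__":
    for name, eap in (("peap", PEAP), ("identity", IDENTITY)):
        print(name, eap_method(build_access_request(eap)))
```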