Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

beyond dot1x security

  • 1.  beyond dot1x security

    Posted May 02, 2012 10:32 AM

    i was wondering what possibility for extra security i have beyond dot1x. because of course it is quite safe, but once a username and password is known then anyone could use those.

     

    certificates and machine authentication against radius seems some way to make things more secure, but is there anything else to use?

     

    what are the possibilities to add a token (i.e. RSA, safeword, ...) to the mix? is that something Aruba can take care of or something that requires extra client software?



  • 2.  RE: beyond dot1x security

    EMPLOYEE
    Posted May 02, 2012 10:37 AM

    Please read the whitepaper "Building Global Security Policy for Wireless LANs" here:  http://www.arubanetworks.com/pdf/technology/whitepapers/wp_Global_security.pdf



  • 3.  RE: beyond dot1x security

    EMPLOYEE
    Posted May 02, 2012 01:26 PM

    You could tie the .1X and certificates together with the ClearPass Policy Manager to use role-based enforcement per user/device. A token would help during authentication but you may also want to include some post-authentication features as well (health checks, ability to define QoS, etc.)



  • 4.  RE: beyond dot1x security

    Posted May 03, 2012 03:14 AM

    thank you both. that was an interesting read which confirmed some of my ideas and provided some new ones.

     

    the document also mentions the use of tokens. is there any up-to-date aruba documentation about integrating a token solution with aruba? i found some old RSA documentation, but not much more.

     

    the best would be to do the integration with extra software, either on client side (other wireless client than default windows client) and on server side (so no ClearPass or other Radius server than the token one). is that at all possible?