Trusted Contributor I

beyond dot1x security

I was wondering what possibilities for extra security I have beyond dot1x, because of course it is quite safe, but once a username and password are known, anyone could use them.


Certificates and machine authentication against RADIUS seem to be one way to make things more secure, but is there anything else to use?


What are the possibilities to add a token (i.e. RAS, SafeWord, ...) to the mix? Is that something Aruba can take care of or something that requires extra client software?

Guru Elite

Re: beyond dot1x security

Please read the whitepaper "Building Global Security Policy for Wireless LANs" here:

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
Aruba Employee

Re: beyond dot1X security

You could tie the .1X and certificates together with the ClearPass Policy Manager to use role-based enforcement per user/device. A token would help during authentication, but you may also want to include some post-authentication features as well (health checks, ability to define QoS, etc.).

Trusted Contributor I

Re: beyond dot1X security

Thank you both. That was an interesting read which confirmed some of my ideas and provided some new ones.


The document also mentions the use of tokens. Is there any up-to-date Aruba documentation about integrating a token solution with Aruba? I found some old RSA documentation, but not much more.


The best would be to do the integration with extra software, either on the client side (a wireless client other than the default Windows client) and on the server side (so no ClearPass or other RADIUS server than the token one). Is that at all possible?
