Wireless Access

Occasional Contributor II

EAP Termination

Hi gays,


When setting up a 802.1x Wlan SSID with EAP FAST Connect activated on the dot1x profile on the Aruba Controller, does the Radius Server (NPS) still require a server certificate to performe user and machine authentication?


Best regards

MVP Guru

Re: EAP Termination

With EAP Termination, the EAP tunnel termination point is moved from the RADIUS server to the controller or Instant AP. So you always need a certificate for EAP-PEAP (not recommended) or EAP-TLS operations on either RADIUS server or AP/Controller.


This feature was introduced in the time that RADIUS server lacked good support for EAP-PEAP/EAP-TLS or could not handle the cryptographic load. These days it is no longer recommended to use EAP Termination on the AP or Controller, and in general you should put the certificate on the RADIUS server.

If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Search Airheads
Showing results for 
Search instead for 
Did you mean: