01-03-2019 11:14 AM
When setting up a 802.1x Wlan SSID with EAP FAST Connect activated on the dot1x profile on the Aruba Controller, does the Radius Server (NPS) still require a server certificate to performe user and machine authentication?
Solved! Go to Solution.
01-09-2019 01:58 AM
With EAP Termination, the EAP tunnel termination point is moved from the RADIUS server to the controller or Instant AP. So you always need a certificate for EAP-PEAP (not recommended) or EAP-TLS operations on either RADIUS server or AP/Controller.
This feature was introduced in the time that RADIUS server lacked good support for EAP-PEAP/EAP-TLS or could not handle the cryptographic load. These days it is no longer recommended to use EAP Termination on the AP or Controller, and in general you should put the certificate on the RADIUS server.
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).