Wireless Access

last person joined: 13 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

EAP Termination

This thread has been viewed 27 times

  • 1.  EAP Termination

    Posted Jan 03, 2019 02:15 PM

    Hi gays,

     

    When setting up a 802.1x Wlan SSID with EAP FAST Connect activated on the dot1x profile on the Aruba Controller, does the Radius Server (NPS) still require a server certificate to performe user and machine authentication?

     

    Best regards



  • 2.  RE: EAP Termination
    Best Answer

    EMPLOYEE
    Posted Jan 09, 2019 04:58 AM

    With EAP Termination, the EAP tunnel termination point is moved from the RADIUS server to the controller or Instant AP. So you always need a certificate for EAP-PEAP (not recommended) or EAP-TLS operations on either RADIUS server or AP/Controller.

     

    This feature was introduced in the time that RADIUS server lacked good support for EAP-PEAP/EAP-TLS or could not handle the cryptographic load. These days it is no longer recommended to use EAP Termination on the AP or Controller, and in general you should put the certificate on the RADIUS server.