Can you terminate EAP-GTC on an aerohive AP ???

  • 1
  • Question
  • Updated 3 years ago
  • Answered
Can you terminate EAP-GTC on an aerohive AP?  
Aruba support it allowing the customer to do two factor auth. Do Aerohive AP support terminating with an inner EAP type of GTC?
Photo of CMM

CMM

  • 7 Posts
  • 0 Reply Likes

Posted 3 years ago

  • 1
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Not by terminating the EAP at the built-in RADIUS server, but for those who have that specific use case, they should really be using something dedicated like FreeRADIUS or RADIATOR, terminating the EAP there. You get a far better experience with features, auditing, customisation etc. by doing this.

Having a RADIUS server in the AP firmware is a convenience feature, designed to meet the needs of most users with typical use cases as it is one less separate thing to understand and manage. Users just have to bind to an appropriate directory and much of the complexity is masked.

In my opinion, it wouldn't make sense to build this in to HiveOS as there would be relatively few users for it and the same thing can be achieved in a different, arguably better way for those who need it.

So, you can definitely do two factor auth of this nature with Aerohive APs in the equation, just not with HiveOS terminating the EAP.
(Edited)