Configuring Aerohive with external Windows 2012 NPS Radius Server questions

  • 2
  • Question
  • Updated 3 months ago
  • (Edited)
Hi All, I have managed to configure a Windows 2012 NPS radius server to work with Aerohive.  For a bit I was stumped not having done this before, but in the end, it's extremely easy.  For anyone struggling, querying past answers on this forum, the Aerohive help files were good, and this complete walk through video was nice too: https://www.youtube.com/watch?v=_YuKIMrnVSg

Here's my last outstanding questions:
1. Is there any reason that I shouldn't use PEAP instead of EAP-TLS.  PEAP seems a lot easier.
2. Whey my Windows and MAC clients attempt to join the SSID, they get this certificate warning.  Since I didn't upload any certs, how do I keep this pop up from appearing to my end users?

That's it for now. Thanks Michael
Photo of mdparker04

mdparker04

  • 11 Posts
  • 4 Reply Likes

Posted 2 years ago

  • 2
Photo of Scott Farrand

Scott Farrand

  • 7 Posts
  • 0 Reply Likes
You need to spend a few dollars on a well know cert provider certificate... though we've had some challenges with that...
Photo of sam lujan

sam lujan

  • 10 Posts
  • 0 Reply Likes
So what are the settings on the windows server side using Aerohive classic? What are the settings so that the respective SSID's or profiles get sent to their proper vlan? Any help would be appreciated, thank you...
Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes
PEAP is less secure than EAP-TLS as it can be compromised by man in the middle attacks, especially if the client is a smartphone or tablet.  With domain computers you can use Group Policy to make PEAP more secure but this is difficult with smartphones or tablets as it requires users to manually configure these settings.
The forthcoming Aerohive A3 AAA server should help with this issue.
(Edited)