A wireless deployment uses cloud-hosted RADIUS and the security team wants to protect RADIUS traffic between APs and the RADIUS server. Which configuration is appropriate?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the HPE Aruba Networking Certification. Enhance your skills with interactive quiz formats, detailed explanations, and valuable study resources. Ensure you're ready for the exam!

Multiple Choice

A wireless deployment uses cloud-hosted RADIUS and the security team wants to protect RADIUS traffic between APs and the RADIUS server. Which configuration is appropriate?

Explanation:
Securing the path that carries RADIUS packets is essential. RadSec (RADIUS over TLS) wraps RADIUS traffic in TLS, providing encryption and mutual authentication for the communication between the network access devices (APs) and the RADIUS server. To truly protect that link, both ends must speak RadSec: the APs (as RADIUS clients) and the RADIUS server (including a cloud-hosted one). That way, credentials and accounting data in the RADIUS messages are protected in transit. EAP-TLS and EAP-TTLS control how the user credentials are carried inside the wireless authentication process, but they don’t secure the transport between the AP and the RADIUS server. So they don’t address protecting the AP–RADIUS server path. Therefore, the appropriate configuration is RadSec on the AP and the RADIUS server.

Securing the path that carries RADIUS packets is essential. RadSec (RADIUS over TLS) wraps RADIUS traffic in TLS, providing encryption and mutual authentication for the communication between the network access devices (APs) and the RADIUS server. To truly protect that link, both ends must speak RadSec: the APs (as RADIUS clients) and the RADIUS server (including a cloud-hosted one). That way, credentials and accounting data in the RADIUS messages are protected in transit.

EAP-TLS and EAP-TTLS control how the user credentials are carried inside the wireless authentication process, but they don’t secure the transport between the AP and the RADIUS server. So they don’t address protecting the AP–RADIUS server path. Therefore, the appropriate configuration is RadSec on the AP and the RADIUS server.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy