What is the appropriate solution for this scenario?

A company recently deployed new Aruba Access Points at different branch offices Wireless 802.1X authentication will be against a RADIUS server in the cloud. The security team is concerned that the traffic between the AP and the RADIUS server will be exposed..

What is the appropriate solution for this scenario?
A . Enable EAP-TLS on all wireless devices
B . Configure RadSec on the AP and Aruba Central.
C . Enable EAP-TTLS on all wireless devices.
D . Configure RadSec on the AP and the RADIUS server

View Answer

Answer: D

Explanation:

This is the appropriate solution for this scenario where wireless 802.1X authentication will be against a RADIUS server in the cloud and the security team is concerned that the traffic between the AP and the RADIUS server will be exposed. RadSec, also known as RADIUS over TLS, is a protocol that provides encryption and authentication for RADIUS traffic over TCP and TLS. RadSec can be configured on both the AP and the RADIUS server to establish a secure tunnel for exchanging RADIUS packets. The other options are incorrect because they either do not provide encryption or authentication for RADIUS traffic or do not involve RadSec.

References:

https://www.securew2.com/blog/what-is-radsec/

https://www.cloudradius.com/radsec-vs-radius/