For modern campus networks, secure administrative access to network devices (switches, access points, and controllers) is a critical design requirement. HPE Aruba Networking supports several standard protocols to provide centralized Authentication, Authorization, and Accounting (AAA) for management users.
The three primary supported security protocols for device management access are:
TACACS (Terminal Access Controller Access-Control System): This is the preferred protocol for device management because it separates authentication, authorization, and accounting. It allows for granular command-level authorization, ensuring that different administrators have specific permission levels (e.g., read-only vs. full configuration).
RADIUS (Remote Authentication Dial-In User Service): RADIUS is a widely supported protocol that provides centralized AAA services. While it is often used for network access (802.1X), it is also a standard method for authenticating management sessions on Aruba infrastructure.
LDAPS (Lightweight Directory Access Protocol over SSL/TLS): This protocol allows the network infrastructure to authenticate management users directly against a directory service, such as Microsoft Active Directory. Using the secure version (LDAPS) ensures that credentials are encrypted during the authentication process.
While RadSec (RADIUS over TLS) is supported by Aruba for secure AAA transport, it is generally considered a transport method for RADIUS traffic rather than a distinct management authentication requirement in this context. GRE (Generic Routing Encapsulation) is a tunneling protocol and is not used for management authentication.
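The separation of authentication, authorization, and accounting described for TACACS above is visible on the wire: in TACACS+ as specified in RFC 8907, each packet's 12-byte header carries a type field naming one of the three functions, plus a flag that marks a body sent without obfuscation. The following is an added example, not code from the original page or from HPE Aruba Networking; it assumes the RFC 8907 header layout, the function names are hypothetical, and the sample packets are constructed.

```python
import struct
from dataclasses import dataclass

# RFC 8907 header: version, type, seq_no, flags, session_id, length (12 bytes).
PACKET_TYPES = {0x01: "authentication", 0x02: "authorization", 0x03: "accounting"}
FLAG_UNENCRYPTED = 0x01  # TAC_PLUS_UNENCRYPTED_FLAG: body was not obfuscated
HEADER_LEN = 12

@dataclass
class TacacsHeader:
    minor: int          # 0 = default, 1 = minor version one
    function: str       # which AAA function this packet belongs to
    seq_no: int
    flags: int
    session_id: int
    body_length: int

    @property
    def body_in_clear(self) -> bool:
        return bool(self.flags & FLAG_UNENCRYPTED)

def parse_header(data: bytes) -> TacacsHeader:
    """Decode the fixed TACACS+ header; reject anything that is not TACACS+."""
    if len(data) < HEADER_LEN:
        raise ValueError("truncated TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = struct.unpack(
        "!BBBBII", data[:HEADER_LEN])
    if version >> 4 != 0xC:
        raise ValueError(f"not TACACS+ (major version {version >> 4:#x})")
    if ptype not in PACKET_TYPES:
        raise ValueError(f"unknown packet type {ptype:#x}")
    return TacacsHeader(version & 0x0F, PACKET_TYPES[ptype], seq_no, flags,
                        session_id, length)

def cleartext_sessions(packets):
    """Session IDs whose packets carry the unencrypted flag (misconfigured peer)."""
    return [h.session_id for h in map(parse_header, packets) if h.body_in_clear]

# Constructed sample headers (no bodies): one packet per AAA function.
SAMPLE_PACKETS = [
    struct.pack("!BBBBII", 0xC1, 0x01, 1, 0x00, 0x1A2B3C4D, 40),  # login
    struct.pack("!BBBBII", 0xC0, 0x02, 1, 0x00, 0x1A2B3C4E, 62),  # command check
    struct.pack("!BBBBII", 0xC0, 0x03, 1, 0x01, 0x1A2B3C4F, 75),  # audit record
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        h = parse_header(pkt)
        note = "BODY IN CLEAR" if h.body_in_clear else "obfuscated"
        print(f"{h.session_id:#010x} {h.function:<14} len={h.body_length} {note}")
```

RFC 8907 states that the unencrypted flag must not be used in production, so any session this check reports points to a device or server configured without a shared key.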