network infrastructure AAA server, enable client-side server validation.
This setting instructs the client to compare the presented server
certificate credentials during EAP phase 1 to the list of approved
servers, and to only continue the authentication process if connecting
to a valid server.
This can prevent RADIUS server impersonation by tools such as
Support for this feature varies between vendors.