Controllerless Networks

Reply
Frequent Contributor II

IAP and external RADIUS

Hi all,

I have a question about the configuration of my IAPs with an external RADIUS Server. If I don't enable Dynamic RADIUS Proxy in the System tab and if I don't write nothing in the NAS IP address in the Authentication Server parameters, which IP addresses will comunicatewith the radius server? All the IP addresses of my 4 IAPs? So I have to insert in the NPS service of my Windows 2008 server all my IAPs and not only the VC?

 

Thanks,

 

Massimo

------------------------------------------------------------
Massimo Gallina
Telecommunications engineer - ACMP2013

Re: IAP and external RADIUS

It will be the ip of the IAP.  You'll need to add the four addresses to your NPS.

 

 


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294
Frequent Contributor II

Re: IAP and external RADIUS

Ok, thank you for the good explanation Michael!

 

And is better to enable or not the Termination flag in the SSID tab? That is better to terminate the EAP protocol on the RADIUS or on the IAP?

------------------------------------------------------------
Massimo Gallina
Telecommunications engineer - ACMP2013

Re: IAP and external RADIUS

That depends on the circumstances.  Personally I prefer to not enable termination and let the Radius do the EAP exchange, and then you don't need to worry about certificates.

 

 


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294
Super Contributor I

Re: IAP and external RADIUS

Termination or not will depend on your setup, do you have CA setup, self cert or external cert on the radius server. If it is for someone not familiar with such cert then I would use termination instead. Or if you need to do machine auth etc then you have no choice but to go ahead with no termination.

Normal Guy
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: