Hello,
I have an IAP cluster with Dot1x configured, and the RADIUS server Microsoft Domain Controller with the NPS role enabled for EAP-TLS. On the DC or any RADIUS controller, the IP address of the authenticator needs to be configured. In the setup I have, the authenticator keeps changing. The source IP address of the authenticator is the one of the AP to which the supplicant is associated and changes when the supplicant moves to a different AP. I have an IP address for the Virtual Controller configured and it works, I can access the VC through this address. Is this the expected behavior? Does it mean that I need to configure the IP addresses of all the APs as clients on the DC or RADIUS server?
Thank you,
Christophe.