
How to enable Dynamic RADIUS proxy in IGC for a specific Virtual Controller?

This article explains how to enable Dynamic RADIUS proxy (DRP) for a specific Virtual Controller (VC) when IGC is used to manage IAP clusters.


A static VC IP must be configured if DRP is enabled. The VC IP cannot be 0.0.0.0. In telecommuter and branch office deployments that do not use local RADIUS resources, it might be difficult or even impossible to determine the IP range used locally. In such cases, the VC IP should be configured to a random static IP in the non-corporate private IP range (say 192.168.137.139, if the corporate network is 10.0.0.0/8). This enables the DRP feature, which is essential to tunnel the RADIUS traffic to the central RADIUS server in the datacenter.


The location of the RADIUS server used to authenticate users in a branch location varies from organization to organization. Most organizations have a centralized RADIUS server in the datacenter to authenticate remote users, but some may use a local RADIUS server at each location. There are also organizations that use a local RADIUS server for employee authentication and a centralized RADIUS-based captive portal server for guest authentication. To ensure that the RADIUS traffic is routed to the appropriate RADIUS server, DRP should be enabled. When enabled, DRP ensures that all RADIUS traffic is sourced from the VC IP or the inner IP of the IAP IPsec tunnel, depending on the RADIUS server IP and the routing profile. If the routing profile is configured to tunnel the 10.0.0.0/8 network and the RADIUS server is 10.68.32.40, the RADIUS traffic is forwarded through the IPsec tunnel using the inner IP of the IAP IPsec tunnel. However, if the RADIUS server is 192.168.32.40, the RADIUS traffic is bridged locally using the VC IP.
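
The VC IP requirement and the source-IP selection described in the two paragraphs above, written out as a pre-deployment check in Python. This is an added example, not Aruba's code: the function names and the inner tunnel IP 10.99.1.5 are assumptions, and the route match is a simple "is the server inside any tunneled network" test.

```python
import ipaddress

# RFC 1918 private ranges; the article asks for a VC IP in a non-corporate private range.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def validate_vc_ip(vc_ip, tunneled_networks):
    """Return a list of problems with the VC IP of a DRP-enabled cluster."""
    addr = ipaddress.ip_address(vc_ip)
    if addr.is_unspecified:
        return ["VC IP is 0.0.0.0: DRP requires a static VC IP"]
    problems = []
    if not any(addr in net for net in RFC1918):
        problems.append("VC IP is not in a private (RFC 1918) range")
    for net in tunneled_networks:
        if addr in ipaddress.ip_network(net):
            problems.append(f"VC IP falls inside tunneled corporate range {net}")
    return problems


def radius_source(server_ip, tunneled_networks, vc_ip, inner_ip):
    """Predict (path, source IP) for RADIUS traffic to server_ip under DRP."""
    server = ipaddress.ip_address(server_ip)
    if any(server in ipaddress.ip_network(net) for net in tunneled_networks):
        return ("ipsec-tunnel", inner_ip)   # routing profile tunnels this server
    return ("local-bridge", vc_ip)          # everything else is bridged locally


def plan(servers, tunneled_networks, vc_ip, inner_ip):
    """Map each RADIUS server to its predicted (path, source IP)."""
    return {s: radius_source(s, tunneled_networks, vc_ip, inner_ip)
            for s in servers}


if __name__ == "__main__":
    # Values from the article, except INNER_IP, which is constructed.
    TUNNELED = ["10.0.0.0/8"]
    VC_IP = "192.168.137.139"
    INNER_IP = "10.99.1.5"  # constructed sample inner tunnel IP
    for issue in validate_vc_ip(VC_IP, TUNNELED):
        print("WARN:", issue)
    for server, (path, src) in plan(["10.68.32.40", "192.168.32.40"],
                                    TUNNELED, VC_IP, INNER_IP).items():
        print(f"{server}: via {path}, source {src}")
```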

 

 

Instructions to enable Dynamic RADIUS proxy:

> Navigate to the Group that holds the specific Virtual Controller on which you need to enable Dynamic RADIUS proxy.

> Go to "Instant Config", expand the cluster, and select the Virtual Controller.

 


> Choose Settings >> General and enable "Dynamic RADIUS proxy". Also make sure you have provided a static IP for "Virtual Controller IP", which is mandatory when Dynamic RADIUS proxy is enabled.

> Click Save and Apply All to submit the settings.


Once the configuration change is applied, AirWave will initiate a configuration audit and post the mismatched configuration to the VC over HTTPS.
We can review the configuration that the VC receives from AirWave using the following method.

Navigate to the VC Monitor page and, from the drop-down list "Run commands from VC", select "VC AMP Last Configuration Received".

AirWave will query the respective VC for the most recently received configuration and list the configuration lines that were sent from AirWave, along with their status.

Version History
Revision #: 1 of 1
Last update: 04-09-2015 07:12 AM