Security

Hello,

In case of Internal AAA Server is used on the Mobility Controller MC 7200, in this case:

> Can we assign a group of AP's to be Authenticators for this internal MC Authentication Server? - And, another group of AP's, the MC will forward their Radius messages to external Radius Server?

> How can this be done?

Another questions please, in case of internl Auth Server by the MC 7200, what are the requirements on the Client UE? Does he need to support for example some kind of EAP?

 

Thanks.

Yes. Authentication is defined in each VAP. Each AP group can have different VAPs.

You should consider using a RADIUS server for all authentication instead of the internal database.

What are the requirements on the Cleints UE's in case of Internal Auth Server?

Are you doing cert based auth or username/password?

EAP-TLS, EAP-PEAP/MSCHAPv2, and EAP-PEAP/GTC are supported.

Username/Password only

The EAP method most often used is EAP-PEAP/MSCHAPv2 because all clients support it.

 

Like T Cappalli says, you should really not bother with the intenal radius server;  you should use an external one for maximum flexibility.