11-22-2015 07:25 PM
I saw the option on Cotroller 's GUI, but I still don't understand the point of terminated on controller.
Could some one explain about it, please?
Solved! Go to Solution.
11-22-2015 07:26 PM
11-22-2015 07:42 PM
Thanks a lot, so the whole point of terminated on controller is that the role of the controller is played.
If we enable the termination on controller, then the controller would act like a authenticator,
If we disenable the termination on controller, then the controller just simply sends the packets to the Radius Server, the Radius Server would act like a authenticator and a authentication server at the same time.
Is that right?
11-22-2015 07:45 PM - edited 11-22-2015 07:47 PM
The controller is still the authenticator.
Controller >> [LDAP/S] >> AD/LDAP
TLS tunnel: Client >> Controller
Controller >> [RADIUS] >> RADIUS server > AD/LDAP
TLS tunnel: Client >> RADIUS server
You should definitely terminate on a RADIUS server.
11-22-2015 07:53 PM
When using a tunneled EAP protocol like EAP-PEAP or EAP-TTLS, a secure tunnel is built between the client and RADIUS server (or controller if using termination) to exchange network credentials.