Wireless Access

Reply
Contributor II
Posts: 100
Registered: ‎10-04-2012

setting the NAS IP globally on the master controller

hello Airheads,

If you have for example a master controller and two locals and you

set up a NAS IP on the master controller under "configuration\security\authentication\advanced"

do all RADIUS requests from clients that associate to an AP on a local controller get proxied from the master controller NAS ip?

Guru Elite
Posts: 20,820
Registered: ‎03-29-2007

Re: setting the NAS IP globally on the master controller

Not proxied. It only sets that attribute. The source IP address is still the controller it came from.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 4,238
Registered: ‎07-20-2011

Re: setting the NAS IP globally on the master controller

What you need to do is configure the following so the request comes from every individual controller:
ip radius nas-ip <CONTROLLER MGMT IP>
ip radius source-interface vlan <CONTROLLER MGMT VLAN ID>

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor II
Posts: 100
Registered: ‎10-04-2012

Re: setting the NAS IP globally on the master controller

hi Victor,

i would like the RADIUS request to come only from the master.

cheers

Pete

 

 

 

Guru Elite
Posts: 8,337
Registered: ‎09-08-2010

Re: setting the NAS IP globally on the master controller

That's not possible. Instead you'd want to key off of a different attribute on your radius server like NAS-ID. You'll still need to add in the controllers as radius clients.

Sent from Nine

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II
Posts: 100
Registered: ‎10-04-2012

Re: setting the NAS IP globally on the master controller

thanks for the replies chaps.

i am trying to take advantage of RADIUS load balancing to multiple Publishers.

I have AP's terminating on diferent local controllers and guests who sign up to a Publisher

through one AP and may roam to another AP which is on a different local controller.

Subsequebnt to guest account creation I want use MAC AUTH to the original Publisher the guest signed up with so hence i wanted to

try and centralize the RADIUS activity.

 

Guru Elite
Posts: 8,337
Registered: ‎09-08-2010

Re: setting the NAS IP globally on the master controller

The problem with doing that is you would be completely dependent on the master controller for auth rendering all other redundancy irrelevant.

Sent from Nine

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II
Posts: 100
Registered: ‎10-04-2012

Re: setting the NAS IP globally on the master controller

agreed single point of failure bu

could you have a master\backup master pair

MVP
Posts: 4,238
Registered: ‎07-20-2011

Re: setting the NAS IP globally on the master controller

Just need to use the VIP of VRRP then
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor II
Posts: 100
Registered: ‎10-04-2012

Re: setting the NAS IP globally on the master controller

Hi Victor,

could you explain a bit further, i have lost the thread a bit.

pete

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: