in most cases any form of Proxy will not wok with RADSEC.
------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
------------------------------
Original Message:
Sent: Oct 05, 2023 12:59 PM
From: chulcher
Subject: IAP VC Radius/RadSec proxy
https://www.arubanetworks.com/techdocs/Instant_811_WebHelp/Content/instant-ug/authentication/conf-dyn-rad-pro.htm
------------------------------
Carson Hulcher, ACEX#110
Original Message:
Sent: Oct 04, 2023 10:01 PM
From: desmith
Subject: IAP VC Radius/RadSec proxy
I'm setting up dot1x over radsec on some 8.10 IAP networks, have everything working with each AP making a direct connection to radsec on ClearPass. If possible I'd like to have the VC proxy the radsec authentication requests - configuring a network range in ClearPass isn't a problem for me, but I wanted to enable the radius status keepalive, and avoid having hundreds of APs doing this over radsec.
I've seen comments suggesting enabling Dynamic Radius Proxy would result in the VC address being the source for all Radius requests (e.g. https://community.arubanetworks.com/discussion/radius-proxy), but even the name "Dynamic" makes me think it's only for processing dynamic radius traffic from ClearPass to the AP, and from testing I'm still seeing individual APs establish radsec tunnels.