Controllerless Networks

 View Only

  • 1.  Source IP address for Authenticator with IAP dot1x

    Posted Mar 01, 2018 01:45 PM

    Hello,

    I have an IAP cluster with Dot1x configured, and the RADIUS server Microsoft Domain Controller with the NPS role enabled for EAP-TLS. On the DC or any RADIUS controller, the IP address of the authenticator needs to be configured. In the setup I have, the authenticator keeps changing. The source IP address of the authenticator is the one of the AP to which the supplicant is associated and changes when the supplicant moves to a different AP. I have an IP address for the Virtual Controller configured and it works, I can access the VC through this address. Is this the expected behavior? Does it mean that I need to configure the IP addresses of all the APs as clients on the DC or RADIUS server?

    Thank you,

    Christophe.



  • 2.  RE: Source IP address for Authenticator with IAP dot1x

    Posted Mar 01, 2018 01:49 PM
    You need to enable Dynamic RADIUS proxy and then the NAS-IP will be the VC’s address.


  • 3.  RE: Source IP address for Authenticator with IAP dot1x



Related Content