Controllerless Networks

how do i authenticate inistant with external radius ?

what is DRP IP ?

thanks ,

Ehab

Hi Friend,

Here are the steps to configure IAP with external RADIUS,

Click on "System" and fill the below details.

Give an IP to the Virtual Controller and enable Dynamic radius Proxy. This will forward all the radius packets ( from any IAP in the cluster) to RADIUS server with the VC's IP.

Click on "Authentication" and add a new radius Server.





Navigate to Security - Role page and add two new roles.

Employee : allowed to all destination.
Contractor : limited access
These roles can be customized based on user's requirements.





Sample Contractor Role.




Create a new SSID.

Click on "New" and give a name to the SSID.




On next page, select the Client IP assignment.

We can have it either VC assigned or Network Assigned based on our requirements.




On the Next page,



Select the security as "Enterprise"
Key Management as "WPA-2-Enterprise"
Authentication server as < Server Name>


On the next page,

here we have to select the proper method to assign a role to the authenticated clients ( users).

Please don't forget to configure the RADIUS client and other details in the server :)

Hope you got some idea, please go ahead and try.

Please feel free if you need any furhter help on this.

thanks all for your fast responce .

it works well but after cliend succesufull login via external radius server he can not access network shared folder that he already has access to them in active directory .

please find attchement for system config and radius config that worked with me but with out access with shared folder .

thanks

Ehab

Hi,

What is the authenticated role assigned to the user and the policy mapped to that role, check whether you are allowing required traffic.

on Active directory , user  has full control on shared folder , but when login via radius server  the user cant access this shard folder

thanks ,

Ehab

Hi friend,

I'm talking about the role assigned to the wireless user. always a policy will be tagged with the role.

AD credentials will be used for authentication purpose. after successfull authentication user traffic will allowed asper the role and policy assigned to that user. here role can be assigned by the VC or by the RADIUS server, depends on the configuration.

Please feel free still if you need help on this.

Verify which role is the user getting after passing authentication and see what ACLs do you have apply