
RADIUS server group

  • 1.  RADIUS server group

    Posted May 10, 2012 11:03 AM

    I still need to deploy my wireless network. I have:

     

    One Aruba 3200 controller plugged into a Procurve switch.

    Four each, AP105’s, plugged into 4 different Procurve switches.

    Four domain controllers, #1 with AD services. (2008 R2)

    One new RADIUS server with AD CS, NPS, and IIS. (2008 R2)

    One new security certificate to install, somewhere.

     

    The controller sees all 16 AP’s.

     

    Being new to this, I would like to know the following:

     

    If I need a RADIUS server group, what devices are included in the group?

    Is the certificate installed on the RADIUS server or domain controller?

     

    I’m sure I’ll have more questions, but this is a starting point for me. Thanks!

     

    Chuck


    #3200


  • 2.  RE: RADIUS server group

    Posted May 10, 2012 11:06 AM

    The RADIUS server that you have belongs in the 'server group'.

     

    The certificate you have (assuming you are using PEAP) resides upon that RADIUS server.



  • 3.  RE: RADIUS server group

    Posted May 10, 2012 11:19 AM

    If it is a "server group", wouldn't there be more than one server? I was thinking that perhaps the domain controller and the aruba controller should also be included. I just don't know for sure. And yes, my intent is to use PEAP.

     

    Thanks for your reply.



  • 4.  RE: RADIUS server group

    Posted May 10, 2012 11:57 AM

    In most networks there will be more than a single RADIUS server... in your network with a single RADIUS server, as long as that server can look into all databases for user credentials then that's all that needs to be in the server group.



  • 5.  RE: RADIUS server group

    Posted May 10, 2012 12:26 PM

    @jfernyc wrote:

    In most networks there will be more than a single RADIUS server... in your network with a single RADIUS server, as long as that server can look into all databases for user credentials then that's all that needs to be in the server group.


    I hadn't considered more than one RADIUS server. At this time, the WLAN will be used mostly for employees' handheld devices and some guest access; however, in the future we intend to place desktops on the WLAN also. Is the use of multiple RADIUS servers for traffic purposes?

     

    And, is the Aruba controller supposed to be configured to direct all originating connections to the RADIUS server?

     

    Thanks again for the response.



  • 6.  RE: RADIUS server group
    Best Answer

    Posted May 10, 2012 12:43 PM

    Multiple RADIUS servers are typically used for high availability / fault tolerance. If all devices connect to a single server and that server is down/hung/frozen, then the helpdesk lights up with calls non-stop saying the 'wireless is down' when in reality it's one small piece of the puzzle in the data center that is in fact down ;)

     

    The controller, once configured for server group = RADIUS server, will forward on RADIUS transactions from all clients to the server, and will interpret the response that comes back from the RADIUS server (group info, role info, VLAN info, ACK/NAK, and the key to be used for this user's session).
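
An added example, not part of the thread: a minimal Python sketch of what "interpreting the response" involves on the controller (NAS) side, namely checking the reply's Response Authenticator against the shared secret (RFC 2865) before trusting the accept/reject code and the role and VLAN attributes. The shared secret, the attribute values, and the choice of Filter-Id for the role and Tunnel-Private-Group-ID for the VLAN are constructed assumptions; the per-session key travels in vendor-specific attributes and is not decoded here.

```python
import hashlib, hmac, struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3
FILTER_ID, TUNNEL_PRIVATE_GROUP_ID = 11, 81   # RFC 2865 / RFC 2868 attribute types

def build_reply(code, ident, req_auth, attrs, secret):
    """Server side: encode attributes and sign the reply (RFC 2865, section 3)."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    head = struct.pack("!BBH", code, ident, 20 + len(body))
    resp_auth = hashlib.md5(head + req_auth + body + secret).digest()
    return head + resp_auth + body

def parse_reply(pkt, ident, req_auth, secret):
    """NAS side: authenticate the reply, then extract the policy attributes."""
    if len(pkt) < 20:
        raise ValueError("short packet")
    code, rid, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt) or rid != ident:
        raise ValueError("length or identifier mismatch")
    body = pkt[20:]
    expected = hashlib.md5(pkt[:4] + req_auth + body + secret).digest()
    if not hmac.compare_digest(expected, pkt[4:20]):
        raise ValueError("bad Response Authenticator (wrong secret or tampering)")
    out = {"accepted": code == ACCESS_ACCEPT, "role": None, "vlan": None}
    i = 0
    while i + 2 <= len(body):
        t, l = body[i], body[i + 1]
        if l < 2 or i + l > len(body):
            raise ValueError("malformed attribute")
        val = body[i + 2:i + l]
        if t == FILTER_ID:
            out["role"] = val.decode()
        elif t == TUNNEL_PRIVATE_GROUP_ID:
            # RFC 2868: a first octet <= 0x1f is a Tag, not part of the string
            out["vlan"] = (val[1:] if val and val[0] <= 0x1F else val).decode()
        i += l
    return out

# Constructed sample values (not from the thread)
SECRET = b"constructed-shared-secret"
REQ_AUTH = bytes(range(16))   # Request Authenticator the NAS sent in its Access-Request

def demo():
    attrs = [(FILTER_ID, b"employee"), (TUNNEL_PRIVATE_GROUP_ID, b"\x01" + b"20")]
    pkt = build_reply(ACCESS_ACCEPT, 7, REQ_AUTH, attrs, SECRET)
    return parse_reply(pkt, 7, REQ_AUTH, SECRET)

if __name__ == "__main__":
    print(demo())
```

A reply signed with a different shared secret, or altered in transit, fails the authenticator check and is discarded before any role or VLAN is applied.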



  • 7.  RE: RADIUS server group
    Best Answer

    Posted May 10, 2012 01:53 PM

    @jfernyc wrote:

    Multiple RADIUS servers are typically used for high availability / fault tolerance. If all devices connect to a single server and that server is down/hung/frozen, then the helpdesk lights up with calls non-stop saying the 'wireless is down' when in reality it's one small piece of the puzzle in the data center that is in fact down ;)

     

    The controller, once configured for server group = RADIUS server, will forward on RADIUS transactions from all clients to the server, and will interpret the response that comes back from the RADIUS server (group info, role info, VLAN info, ACK/NAK, and the key to be used for this user's session).


    Thank you very much for your help. This last response includes much-needed information, except the reference to the "helpdesk", just another project I need to get back to.

     

    I'll close this for now and post again at the next road block. Have a great day!