Wireless Access

hello Airheads,

If you have for example a master controller and two locals and you

set up a NAS IP on the master controller under "configuration\security\authentication\advanced"

do all RADIUS requests from clients that associate to an AP on a local controller get proxied from the master controller NAS ip?

What you need to do is configure the following so the request comes from every individual controller:
ip radius nas-ip <CONTROLLER MGMT IP>
ip radius source-interface vlan <CONTROLLER MGMT VLAN ID>

hi Victor,

i would like the RADIUS request to come only from the master.

cheers

Pete

 

 

 

That's not possible. Instead you'd want to key off of a different attribute on your radius server like NAS-ID. You'll still need to add in the controllers as radius clients.

Sent from Nine

thanks for the replies chaps.

i am trying to take advantage of RADIUS load balancing to multiple Publishers.

I have AP's terminating on diferent local controllers and guests who sign up to a Publisher

through one AP and may roam to another AP which is on a different local controller.

Subsequebnt to guest account creation I want use MAC AUTH to the original Publisher the guest signed up with so hence i wanted to

try and centralize the RADIUS activity.

 

The problem with doing that is you would be completely dependent on the master controller for auth rendering all other redundancy irrelevant.

Sent from Nine

agreed single point of failure bu

could you have a master\backup master pair

Just need to use the VIP of VRRP then

Hi Victor,

could you explain a bit further, i have lost the thread a bit.

pete

 

In order to have a Master/Standby Master you need a VRRP setup which requires a Virtual IP that both controllers shared in an Active/Standby setup.

You could use this IP address to send all your RADIUS request from both locals as well as master running this command:

IP radius nas-ip

If you have only Master then you just put the Master Management IP address instead of the VIP VRRP address.

thanks Victor i think we have a solution.

cheers

Pete

 

hi Victor,

one last point.

using this configuration would the master keep a record of all authentications?

so i can use RADIUS load balancing.

cheers

Pete

 

Pete_Elms,

 

In a word, no.

 

The way you configure server load balancing is detailed here:  http://www.arubanetworks.com/techdocs/ArubaOS_6.4.4.x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/AAA_Servers/Load_Balancing.htm

 

 

Not proxied. It only sets that attribute. The source IP address is still the controller it came from.