Search This Blog

Thursday, 24 March 2011

Local EAP and Radius EAP - Network User

I used to believe that when you use Local Radius you must not have an External Radius server configured as the External Radius is always preferred. Well this can be true, but it depends on the settings on the Radius server setup.

If you have the "Network User" box ticked on the Radius server configuration. This becomes the default Radius server for all AAA authentication. You need to have "Network User" selected if you set up AP Policies and want the AP's authenticated against AAA as there is nowhere to configure a specific server.

Where you can specify a server, such as 802.1x authentication within a WLAN, there is no need to have "Network User" selected and Local Radius and External Radius can work in harmony!

2 comments:

  1. But what if you also need AP AAA Authorisation???

    ReplyDelete
  2. Your only option in that case is to use the local AP Authorization list, where you list the MAC addresses (and certificate types) of the APs that need to be authorized.

    ReplyDelete