Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-19-2020 11:58 AM
Hello, we have a project where the client have branches in multiple countries. we will implement one virtual smartzone wireless controller, but want to connect multiple radius servers to the controller. That is, each branch have its own radius server. So , is it possible to do ? , for example is it possible to provide different radius servers for different zones configured in the smartzone controller, or it is possible to configure only one radius server with one wireless controller ?
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-19-2020 12:16 PM
HI Mohammad,
Yes, you can define multiple RADIUS servers per Zone or per WLAN in a Zone.
Ruckus SZ supports 2 ways to authenticate with RADIUS:
1. Direct AP to RADIUS - AP's much be able to reach the RADIUS and each AP will be a RADIUS Client (NAS with permission to consult RADIUS). This is configured per AP ZONE and then referenced per WLAN in that Zone.
2. Proxy - Where AP (still acting as NAS) sends all RADIUS requests in the AP control tunnel to the SZ where a RADIUS proxy then consults the RADIUS server. Big advantage of this is you only need to define the SZ nodes as RADIUS Clients (not to be confused with RADIUS user data base). All RADIUS traffic will go out the Management IP (if using 3 Network configuration vSZ-H). I believe you can define up to 32 RADIUS authentication profiles in a Cluster. RADIUS proxy profiles are selected via a RADIUS Realm Authentication service (permitting the same RADIUS profile to use Real/domain based selection) to the WLAN configuration per Zone.
I hope this answers your question.
Thanks
Albert
Yes, you can define multiple RADIUS servers per Zone or per WLAN in a Zone.
Ruckus SZ supports 2 ways to authenticate with RADIUS:
1. Direct AP to RADIUS - AP's much be able to reach the RADIUS and each AP will be a RADIUS Client (NAS with permission to consult RADIUS). This is configured per AP ZONE and then referenced per WLAN in that Zone.
2. Proxy - Where AP (still acting as NAS) sends all RADIUS requests in the AP control tunnel to the SZ where a RADIUS proxy then consults the RADIUS server. Big advantage of this is you only need to define the SZ nodes as RADIUS Clients (not to be confused with RADIUS user data base). All RADIUS traffic will go out the Management IP (if using 3 Network configuration vSZ-H). I believe you can define up to 32 RADIUS authentication profiles in a Cluster. RADIUS proxy profiles are selected via a RADIUS Realm Authentication service (permitting the same RADIUS profile to use Real/domain based selection) to the WLAN configuration per Zone.
I hope this answers your question.
Thanks
Albert
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-19-2020 12:16 PM
HI Mohammad,
Yes, you can define multiple RADIUS servers per Zone or per WLAN in a Zone.
Ruckus SZ supports 2 ways to authenticate with RADIUS:
1. Direct AP to RADIUS - AP's much be able to reach the RADIUS and each AP will be a RADIUS Client (NAS with permission to consult RADIUS). This is configured per AP ZONE and then referenced per WLAN in that Zone.
2. Proxy - Where AP (still acting as NAS) sends all RADIUS requests in the AP control tunnel to the SZ where a RADIUS proxy then consults the RADIUS server. Big advantage of this is you only need to define the SZ nodes as RADIUS Clients (not to be confused with RADIUS user data base). All RADIUS traffic will go out the Management IP (if using 3 Network configuration vSZ-H). I believe you can define up to 32 RADIUS authentication profiles in a Cluster. RADIUS proxy profiles are selected via a RADIUS Realm Authentication service (permitting the same RADIUS profile to use Real/domain based selection) to the WLAN configuration per Zone.
I hope this answers your question.
Thanks
Albert
Yes, you can define multiple RADIUS servers per Zone or per WLAN in a Zone.
Ruckus SZ supports 2 ways to authenticate with RADIUS:
1. Direct AP to RADIUS - AP's much be able to reach the RADIUS and each AP will be a RADIUS Client (NAS with permission to consult RADIUS). This is configured per AP ZONE and then referenced per WLAN in that Zone.
2. Proxy - Where AP (still acting as NAS) sends all RADIUS requests in the AP control tunnel to the SZ where a RADIUS proxy then consults the RADIUS server. Big advantage of this is you only need to define the SZ nodes as RADIUS Clients (not to be confused with RADIUS user data base). All RADIUS traffic will go out the Management IP (if using 3 Network configuration vSZ-H). I believe you can define up to 32 RADIUS authentication profiles in a Cluster. RADIUS proxy profiles are selected via a RADIUS Realm Authentication service (permitting the same RADIUS profile to use Real/domain based selection) to the WLAN configuration per Zone.
I hope this answers your question.
Thanks
Albert