cancel
Showing results for 
Search instead for 
Did you mean: 

Multiple sites connected to one virtual smartzone wireless controller, can we connect more than one radius server to the controller ?

mohammad_shamse
New Contributor III
Hello, we have a project where the client have branches in multiple countries. we will implement one virtual smartzone wireless controller, but want to connect multiple radius servers to the controller. That is, each branch have its own radius server. So , is it possible to do ? , for example is it possible to provide different radius servers for different zones configured in the smartzone controller, or it is possible to configure only one radius server with one wireless controller ?
1 ACCEPTED SOLUTION

albert_pierson
RUCKUS Team Member
HI Mohammad,

Yes, you can define multiple RADIUS servers per Zone or per WLAN in a Zone.

Ruckus SZ supports 2 ways to authenticate with RADIUS:

1. Direct AP to RADIUS - AP's much be able to reach the RADIUS and each AP will be a RADIUS Client (NAS with permission to consult RADIUS).  This is configured per AP ZONE and then referenced per WLAN in that Zone.

2. Proxy - Where AP (still acting as NAS) sends all RADIUS requests in the AP control tunnel to the SZ where a RADIUS proxy then consults the RADIUS server.  Big advantage of this is you only need to define the SZ nodes as RADIUS Clients (not to be confused with RADIUS user data base).  All RADIUS traffic will go out the Management IP (if using 3 Network configuration vSZ-H).  I believe you can define up to 32 RADIUS authentication profiles in a Cluster.  RADIUS proxy profiles are selected via a RADIUS Realm Authentication service (permitting the same RADIUS profile to use Real/domain based selection) to the WLAN configuration per Zone.

I hope this answers your question.

Thanks

Albert

View solution in original post

1 REPLY 1

albert_pierson
RUCKUS Team Member
HI Mohammad,

Yes, you can define multiple RADIUS servers per Zone or per WLAN in a Zone.

Ruckus SZ supports 2 ways to authenticate with RADIUS:

1. Direct AP to RADIUS - AP's much be able to reach the RADIUS and each AP will be a RADIUS Client (NAS with permission to consult RADIUS).  This is configured per AP ZONE and then referenced per WLAN in that Zone.

2. Proxy - Where AP (still acting as NAS) sends all RADIUS requests in the AP control tunnel to the SZ where a RADIUS proxy then consults the RADIUS server.  Big advantage of this is you only need to define the SZ nodes as RADIUS Clients (not to be confused with RADIUS user data base).  All RADIUS traffic will go out the Management IP (if using 3 Network configuration vSZ-H).  I believe you can define up to 32 RADIUS authentication profiles in a Cluster.  RADIUS proxy profiles are selected via a RADIUS Realm Authentication service (permitting the same RADIUS profile to use Real/domain based selection) to the WLAN configuration per Zone.

I hope this answers your question.

Thanks

Albert