This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Multiple sites connected to one virtual smartzone wireless controller, can we connect more than one radius server to the controller ?

Go to solution
mohammad_shamse
New Contributor III

‎02-19-2020 11:58 AM

Hello, we have a project where the client have branches in multiple countries. we will implement one virtual smartzone wireless controller, but want to connect multiple radius servers to the controller. That is, each branch have its own radius server. So , is it possible to do ? , for example is it possible to provide different radius servers for different zones configured in the smartzone controller, or it is possible to configure only one radius server with one wireless controller ?
1 ACCEPTED SOLUTION

Go to solution
albert_pierson
RUCKUS Team Member

‎02-19-2020 12:16 PM

HI Mohammad,

Yes, you can define multiple RADIUS servers per Zone or per WLAN in a Zone.

Ruckus SZ supports 2 ways to authenticate with RADIUS:

1. Direct AP to RADIUS - AP's much be able to reach the RADIUS and each AP will be a RADIUS Client (NAS with permission to consult RADIUS).  This is configured per AP ZONE and then referenced per WLAN in that Zone.

2. Proxy - Where AP (still acting as NAS) sends all RADIUS requests in the AP control tunnel to the SZ where a RADIUS proxy then consults the RADIUS server.  Big advantage of this is you only need to define the SZ nodes as RADIUS Clients (not to be confused with RADIUS user data base).  All RADIUS traffic will go out the Management IP (if using 3 Network configuration vSZ-H).  I believe you can define up to 32 RADIUS authentication profiles in a Cluster.  RADIUS proxy profiles are selected via a RADIUS Realm Authentication service (permitting the same RADIUS profile to use Real/domain based selection) to the WLAN configuration per Zone.

I hope this answers your question.

Thanks

Albert

View solution in original post

1 REPLY 1

Go to solution
albert_pierson
RUCKUS Team Member

‎02-19-2020 12:16 PM

HI Mohammad,

Yes, you can define multiple RADIUS servers per Zone or per WLAN in a Zone.

Ruckus SZ supports 2 ways to authenticate with RADIUS:

1. Direct AP to RADIUS - AP's much be able to reach the RADIUS and each AP will be a RADIUS Client (NAS with permission to consult RADIUS).  This is configured per AP ZONE and then referenced per WLAN in that Zone.

2. Proxy - Where AP (still acting as NAS) sends all RADIUS requests in the AP control tunnel to the SZ where a RADIUS proxy then consults the RADIUS server.  Big advantage of this is you only need to define the SZ nodes as RADIUS Clients (not to be confused with RADIUS user data base).  All RADIUS traffic will go out the Management IP (if using 3 Network configuration vSZ-H).  I believe you can define up to 32 RADIUS authentication profiles in a Cluster.  RADIUS proxy profiles are selected via a RADIUS Realm Authentication service (permitting the same RADIUS profile to use Real/domain based selection) to the WLAN configuration per Zone.

I hope this answers your question.

Thanks

Albert
Copyright © 2024 Khoros, LLC