Manualshelf

User's Manual

ManualsBrandsAirgo Networks ManualsElectronicsTrue MIMO Access Point
51525354555657585960
Using the Security Portal Menu
Installation and User Guide: Airgo Access Point 227
The RADIUS Proxy feature can reduce administrative effort in the following ways:
It is not necessary to configure each AP with knowledge of each external RADIUS server.
It is not necessary to configure the external RADIUS server with each AP as a RADIUS client.
Any normal (non-portal) AP can have its IP address changed at any time.
RADIUS proxy must be enabled or disabled on a network-wide basis. If this is not done the
following may result:
Loss of external auth-zone information on all APs
Loss of external auth-server information on non-security portal APs
Need to reset the SSID and admin auth-zones portal authentication zones for the network to
function properly.
Due to these potential effects, it is important to back up the configuration of all APs prior to
enabling or disabling RADIUS proxy. See “Managing the AP Configuration” on page 245 for
instructions on backing up the AP configurations.
When enabling RADIUS proxy, there are specific configuration requirements for the NM Portal
AP that acts as the enrollment portal, the backup security portal, and other normal (non-portal) APs.
Configuration Requirements for Portal AP (running Enrollment Service)
The following steps are required at NM Portal when enabling RADIUS Proxy:
1 Back up Portal AP Configuration (recommended). See “Managing the AP Configuration” on
page 245.
2 Configure the external RADIUS server (external authentication servers).
3 Enable RADIUS Proxy. See “Configuring RADIUS Proxy” on page 228.
4 Generate a default Policy. See “Define Policy” on page 198
5 Distribute the default policy to all APs. See “Distribute Policy” on page 199.
If RADIUS proxy is turned off, it is necessary to rebind the authentication zones to the SSIDs. This
can be accomplished from a restored backup configuration. Whenever the proxy state changes or
the external auth server configuration changes, a new default policy must be regenerated and
redistributed to all the enrolled APs.
When you enable RADIUS-proxy, the auth-zone setting is hidden because there are no external
auth-zones being used on this AP. The auth-servers settings shows the list of internal and external
RADIUS servers. You can edit the list of external RADIUS servers used by the proxy on this portal
NOTE: To guard against a single point of failure, it is recommended that you configure
a backup security portal in addition to the working security portal.
NOTE: When RADIUS proxy is enabled, external authentication server information
must NOT be deleted. This information is used by the RADIUS proxy server to proxy
RADIUS authentication requests to these external RADIUS servers. Once RADIUS
proxy is in effect, all future user authentication traffic is redirected to the proxy. In
order to avoid disruption in user authentication, it is strongly recommended to nominate
another AP to be a backup security portal.