User's Manual

9 Managing the Network
228 Installation and User Guide: Airgo Access Point
and distribute the new list to one or more security portals if you generate a new default policy and
distribute it.
For more information on SSIDs, authentication zones, and authentication servers, see “Configuring
Authentication Zones” on page 155.
Configuration Requirements for Backup Security Portal
It is highly recommended that you configure one or more backup security portals when configuring
RADIUS proxy. Each of the backup security portals must establish trust with the external RADIUS
servers. The configured external RADIUS servers are synchronized automatically from the primary
security portal (usually the NM Portal AP), and no special action is required by the user. All
external RADIUS server configuration should be done on the NM Portal AP, not on the backup
security portals.
Configuration Requirements for Normal APs (Non-Portal APs)
Configure RADIUS proxy on normal (non-portal) APs by defining a policy with RADIUS proxy
and then distributing it to the normal APs. This ensures that the correct sequence of configuration
changes is applied to the normal APs when RADIUS proxy is enabled or disabled.
When RADIUS proxy is enabled on a normal AP, all external auth-server information is deleted.
Security is enhanced because the number of global secrets (such as the shared secret between the
external RADIUS server and the AP) maintained on the normal APs is reduced. In addition, all SSID
security is bound to the portal auth-zone (which is a list of security portals in the network),
permitting normal APs to redirect wireless authentication to security portal APs that take on the
role of sending a proxy request to external RADIUS servers. Similar redirection occurs with
administrator logins. To disable RADIUS proxy on the normal AP, you must go back to the NM
Portal AP, disable RADIUS proxy, and redistribute the policy to all APs across the network.
When RADIUS proxy is disabled, a policy push from the NM Portal AP to the normal APs
restores the external RADIUS server configuration along with the corresponding shared secrets.
Configuring RADIUS Proxy
Use the RADIUS Proxy panel (Figure 167) in the AP web interface to enable the RADIUS proxy
feature. For the full set of steps required to configure RADIUS proxy, see “Configuration
Requirements for Portal AP (running Enrollment Service)” on page 227.
NOTE: It is highly recommended that you make the decision to use RADIUS proxy
when first configuring the network, in order to make the configuration seamless and
less error-prone. The RADIUS proxy setting should be made part of the default NM
Portal or NMS Pro policy prior to enrolling other APs. This ensures that all
subsequently configured APs inherit the correct proxy settings when they are enrolled.