MSM7xx Controllers Configuration Guide v6.4.0
When both authentication and access control are enabled
In this configuration, the controlled AP forwards authentication requests from users on the VSC to
the controller. The controller resolves these requests using the local user list, or the services of a
third-party authentication server (Active Directory or RADIUS server). The controller then manages
access to the protected network using its access control features (public access, interface, access
lists, etc.).
ControllerControlled AP
User
Third-party
authentication
server
Protected network
A
u
t
h
e
n
t
i
c
a
t
i
o
n
t
r
a
f
f
i
c
U
s
e
r
t
r
a
f
f
i
c
Router
M
a
n
a
g
e
m
e
n
t
t
r
a
f
f
i
c
When only authentication is enabled
In this configuration, the controlled AP forwards authentication requests from users on the VSC to
the controller. The controller resolves these requests using the local user list, or the services of a
third-party authentication server (Active Directory or RADIUS server).
The controlled AP forwards all authenticated user traffic from users on the VSC to the protected
network (or another device performing access control) according to settings defined on the controlled
AP.
ControllerControlled AP
User
Third-party
authentication
server
A
u
t
h
e
n
t
i
c
a
t
i
o
n
t
r
a
f
f
i
c
U
s
e
r
t
r
a
f
f
i
c
Router
M
a
n
a
g
e
m
e
n
t
t
r
a
f
f
i
c
Network
When neither option is enabled
In this configuration, the controlled AP can be configured to resolve authentication requests using
a third-party RADIUS server and forward authenticated user traffic to the protected network (or
another device performing access control). In this scenario, the controller is only used for
management of the controlled AP.
ControllerControlled AP
User
Third-party
authentication
server
Protected network
A
u
t
h
e
n
t
i
c
a
tio
n
t
r
a
f
f
i
c
U
s
e
r
t
r
a
f
f
i
c
Router
M
a
n
a
g
e
m
e
n
t
t
r
a
f
f
i
c
VSC configuration options 115