Hi Team,
A customer wants to use certificates for the authentication of 1,000 MC3090 that connects to hundreds of AP5131 in tens of branch offices. They do not require to setup one user account for each MC3090, but just to certificates to get more secured. One problem is that if we use a central RADIUS server in their headquarter, if the WAN connection between the HQ and a branch office is broken, will those already connected MC3090 be dropped off immediately? Obviously, no more MCD can be authenticated till the WAN connection is resumed. Maybe we should use each AP5131’s internal RADUIS server and just install the same root certificates on all MCD and the same server side certificate on all AP5131? However, it seems difficult to make any modification when it is required. Will it also compromise the security level? They are open to buy RFS7000 for HQ, or RFS4000/6000 in branch offices, or let AP5131 run in AAP mode, but it is too expensive to replace all those AP5131 with AP7131 and upgrade to WiNG5 when it is released.
Thank you!
Junhua
0 Replies