Hi
Can we specify the source IP of RFS as RADIUS client?
If not, how is this determined?
I am currently testing with the partner.
I cannot find out how to specify this in case that RFS has several virtual interfaces.
One IP is being as RADIUS client in our test setting.
RFS is running with V5.3.1.
Your input would be greatly appreciated.
3 Replies
In WiNG 5 the source interface is determined using destination based routing (i.e. the local routing table). In most cases this will be the SVI that the default gateway is assigned. However if static routes are defined then the SVI with the next-hop router where the remote network can be reached is used. Regards, Kevin
Hi Kevin-san Thank you for your clarification. I will try again, based on this input. However, I am not sure if this implementation is good or not, as RADIUS server needs to register the client IP for the authentication. Best Regards Sato
Sato-San, The way we select the source IP address has not changed as we are doing it the exact same way in WiNG 5 as we have done in the past with WiNG 3 & WiNG 4. For Controllers you will have one switched virtual interface (SVI) defined that is used for device management, AP adoption and RADIUS. The SVI will typically have a static IPv4 address defined so that the IPv4 address is fixed. The default gateway also resides on the same network as the SVI. Access Points will also have a switched virtual interface (SVI) defined which is used for management and adoption. In most cases the IPv4 address, mask, default gateway and Controller IP address(es) will be dynamically assigned from a DHCP server. When the AAA policy is defined, the proxy mode determines which WiNG 5.X device orriginates the RADIUS Authentication and Accounting requests. When the proxy mode is set to 'none', the Access Points will orriginate the RADIUS requests from their dynamically assigned SVI. In this case the source IP address could be anything making it very hard to add the Access Points as RADIUS clients. If the proxy mode is set to 'through-controller', the RADIUS requests orriginate from the Controllers statically defined SVI. In this case the source IP address is known as the Controllers IP address is static making it easy to add the Controllers as RADIUS clients. Regards, Kevin