EAP/TLS/Certs deployment strategies [centralized vs. local]

Afshin Mansoorieh 3 years 5 months ago

Team,

We have a customer who is considering a large MC40 rollout. They have Cisco infrastructure and for their WLAN authentication, they have chosen EAP/TLS with certs.

They have chosen a centralized model for authenticating the RADIUS requests, which means all requests are forwarded to a bank of RADIUS servers at the corporate data center. They are concerned about reliability in case the data center becomes unreachable (cut cable, etc…).

They have asked us for advice on what other customers are doing: centralized, local-auth, etc…

I am looking to get some ideas on what other customers are doing to address the concern.

Thanks,

Afshin


1 Replies

Kevin Marshall

Afshin,

If availability is critical to the customer, then they need the ability to fail over to a secondary authentication source in the event that the primary authentication source is unreachable. This could be:

1. A AAA server deployed in the secondary datacenter
2. A AAA server deployed locally at the remote site
3. A AAA server that is reachable over a backup path such as dial-up, ISDN or IPsec VPN tunnel.

Most customers I deal with use one of the above strategies, which are each supported by WiNG 5.X. In the case of #2, the local AAA server could be deployed on an Access Point or Site Controller.

Regards,

Kevin
