Team,
We have a customer who is considering a large MC40 rollout. They have Cisco infrastructure and, for their WLAN authentication, they have chosen EAP/TLS with certs.
They have chosen a centralized model for authenticating the RADIUS requests which means all requests are forwarded to a bank of RADIUS servers at the corporate data center. They are concerned about reliability in case the data-center becomes unreachable (cut cable, etc…).
They have asked us for advice on what other customers are doing: centralized, local-auth, etc…
I am looking to get some ideas on what other customers are doing to address the concern.
Thanks,
Afshin
1 Reply
Afshin,
If availability is critical to the customer then they need the ability to failover to a secondary authentication source in the event that the primary authentication source is unreachable. This could be:
1. A AAA server deployed in the secondary datacenter
2. A AAA server deployed locally at the remote site
3. A AAA server that is reachable over a backup path such as dial-up, ISDN or IPsec VPN tunnel.
Most customers I deal with use one of the above strategies which are each supported by WiNG 5.X. In the case of #2 the local AAA server could be deployed on an Access Point or Site Controller.
Regards,
Kevin
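
The failover strategies in the reply above amount to an ordered list of authentication sources that the RADIUS client falls through when the primary stops answering. The following Python model is an added example, not part of the thread and not WiNG code or configuration; it shows that ordering with per-server retries and a dead-timer. The server names, retry count, dead-time value and the `send` stub (standing in for a real RADIUS exchange) are assumptions.

```python
# Added illustration: ordered AAA failover with a dead-timer (not WiNG code).
from dataclasses import dataclass, field
from typing import Callable, Optional

@dataclass
class AAAServer:
    name: str                # hypothetical label for an authentication source
    dead_until: float = 0.0  # server is skipped until this time

@dataclass
class FailoverPool:
    servers: list                  # priority order, primary first
    send: Callable[[str], bool]    # stub: True if the server answered the request
    retries: int = 2               # attempts per server before failing over (assumed)
    dead_time: float = 300.0       # seconds a failed server is skipped (assumed)
    log: list = field(default_factory=list)  # (time, server, attempt) for each timeout

    def authenticate(self, now: float) -> Optional[str]:
        """Return the name of the server that answered, or None if none did."""
        live = [s for s in self.servers if s.dead_until <= now]
        # If every server is marked dead, probe them all rather than give up untested.
        for srv in live or self.servers:
            for attempt in range(1, self.retries + 1):
                if self.send(srv.name):
                    srv.dead_until = 0.0
                    return srv.name
                self.log.append((now, srv.name, attempt))
            srv.dead_until = now + self.dead_time
        return None

def demo():
    # Constructed scenario: both data-center servers are lost when the WAN link is cut.
    reachable = {"primary-dc": True, "secondary-dc": True, "site-local": True}
    pool = FailoverPool(
        [AAAServer("primary-dc"), AAAServer("secondary-dc"), AAAServer("site-local")],
        send=lambda name: reachable[name],
    )
    results = [pool.authenticate(now=0)]        # normal operation
    reachable["primary-dc"] = reachable["secondary-dc"] = False
    results.append(pool.authenticate(now=10))   # retries time out, falls through to site
    results.append(pool.authenticate(now=20))   # dead servers skipped, no added delay
    reachable["primary-dc"] = True
    results.append(pool.authenticate(now=400))  # dead-time expired, primary is retried
    return results, pool.log

if __name__ == "__main__":
    print(demo())
```

The log entries are the events worth alerting on: a site that is authenticating against its fallback source has lost its path to the data center.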