Brocade Mobility RFS7000-GR Controller System Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual


53-1001944-01


B.1.13 AAP RADIUS proxy support
When an Adaptive AP is adopted to a central switch over a WAN link, the switch configures the
Adaptive AP for a WLAN with RADIUS authentication from a RADIUS server residing at the central
site. When a RADIUS MU associates with the Adaptive AP, the AP sends the RADIUS packets on the
wired side with its own IP address as the source IP of the request and the IP address of the
RADIUS server as the destination. In a local network implementation, the Adaptive APs, switch and
RADIUS servers are all on the same LAN and the routing works fine. However, when the Adaptive AP
is adopted over a WAN link, the RADIUS server IP address will be an internal address which is
non-routable over the Internet.

To access the RADIUS server’s non-routable IP address over the WAN, you have the option to
configure Adaptive AP RADIUS Proxying for the WLAN. When this flag is enabled, the Adaptive AP is
reconfigured to send all RADIUS traffic to the switch and the switch does the proxying to the real
RADIUS server to handle authentication. The switch automates the process of handling RADIUS
proxy configuration and client configurations. The switch supports only one real RADIUS server
configuration without the presence of realm information. To support multiple RADIUS servers, a
realm has to be associated with the real RADIUS server.

When AAP RADIUS proxying is enabled without specifying a realm, the switch can no longer process
requests on the on-board RADIUS server. You cannot authenticate using the on-board RADIUS
server any longer because all authentications done by users without a realm are forwarded to the
external RADIUS server, as configured for the WLAN with Adaptive AP RADIUS Proxy.

NOTE

The Brocade Mobility RFS7000-GR Controller supports Adaptive AP RADIUS proxy without specifying
realm information. If AAP Proxy RADIUS is enabled without specifying realm information, the
onboard RADIUS server can no longer be used to authenticate users. If AAP Proxy RADIUS is enabled
for a WLAN with realm configured, then the onboard RADIUS server can perform as usual.

NOTE

If AAP Proxy RADIUS is configured, the onboard RADIUS server has to be enabled. By default the
onboard RADIUS server is disabled. To enable the onboard RADIUS server use the Web UI or issue
the “service RADIUS” command in the CLI.
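
The realm rules from this section, modeled as a small configuration check. This is an added example, not Brocade code or CLI syntax: the names `ProxyEntry`, `audit` and `route`, the `user@realm` username form, the sample addresses, and the fallback of unmatched realms to the onboard server are assumptions.

```python
from typing import NamedTuple, Optional

class ProxyEntry(NamedTuple):       # hypothetical model of one WLAN's proxy setting
    wlan: int
    server: str                     # real RADIUS server (constructed sample address)
    realm: Optional[str]            # None = proxy enabled without realm information

def audit(entries, onboard_enabled):
    """Return findings for a set of AAP RADIUS proxy entries."""
    findings = []
    # The onboard RADIUS server is disabled by default but is required for proxying.
    if entries and not onboard_enabled:
        findings.append("onboard RADIUS server must be enabled for AAP proxy")
    no_realm = {e.server for e in entries if e.realm is None}
    # Only one real server may be configured without realm information.
    if len(no_realm) > 1:
        findings.append("only one real RADIUS server is supported without a realm")
    # A realm-less proxy takes over every request from users without a realm.
    if no_realm:
        findings.append("onboard RADIUS server can no longer authenticate users")
    return findings

def route(username, entries):
    """Pick the destination for one request: a real server or 'onboard'."""
    _, sep, realm = username.rpartition("@")    # assumption: user@realm form
    realm = realm.lower() if sep else None
    for e in entries:
        if e.realm is not None and realm == e.realm.lower():
            return e.server
    if realm is None:
        for e in entries:
            if e.realm is None:
                return e.server                 # realm-less users go to the external server
    return "onboard"                            # assumption: everything else stays local

if __name__ == "__main__":
    # Constructed sample configuration.
    cfg = [ProxyEntry(1, "10.0.0.5", None), ProxyEntry(2, "10.0.0.6", "branch.example")]
    for user in ("alice", "bob@branch.example"):
        print(user, "->", route(user, cfg))
    for finding in audit(cfg, onboard_enabled=False):
        print("finding:", finding)
```

Running the audit before enabling proxying on a WLAN shows whether existing users of the onboard RADIUS server would be cut off by a realm-less entry.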
