2 setting rules and selecting the radius server, Setting rules – Toshiba Magnia Z310 User Manual

80

With this configuration, a station (STA B) in Domain B will be unable to connect to the access
point (AP A) in Domain A because the authentication will fail. This is because Domain A’s access
point (AP A) entrusts all authentication to Domain A’s RADIUS server (RADIUS-A).

Domain A

CA-A

Domain B

RADIUS-A AP-A(MAGNIA)

STA-A

Router

Router

AP-B(MAGNIA)

CA-B

RADIUS-B

STA-B

(Connected to

AP-A)

STA-B???

If the RADIUS server is compatible with the authentication proxy function (RADIUS Proxy
function), the above problem can be resolved by just change settings on the RADIUS servers.
However, not all RADIUS servers are compatible with the authentication proxy function.
It is possible to create an account for each domain just for the authentication. However, having a
duplicate account would add to the cost and be troublesome.
The RADIUS selection function is an easy solution to this problem.

4.3.2 Setting Rules and Selecting the RADIUS Server

The access point selects the RADIUS server in accordance with the preset information.
The information to be preset is explained below.

4.3.2.1

Setting Rules

When selecting the RADIUS server, the access point refers to the EAP/Identity.
The EAP/Identity is an identifier sent from the station when the 802.1X authentication starts.
Normally, it is written in the format shown below:

Expression using the NetBIOS

domain

<Domain name>\<Username>

Example: DomainA\User01

NAI format expression

<Username>@<Domain name>

Example: [email protected]