Wireless (General)

EXOS: RADIUS Configuration more granular

  • 1.  EXOS: RADIUS Configuration more granular

    Posted 08-11-2017 08:33
    For a current customer project I need the following EXOS functionality:

    All MAC Authentication go to RADIUS Server1 and Server2
    All dot1x Authentication go to RADIUS Server 3 and Server4

    Currently I can only determine the RADIUS server used by the realm - management or netlogin - not by the authentication method.
    So my customer is missing this functionality.

    As a workaround I address Server1 (and 2) for all methods and do a forwarding on this server at the back end to Server 3/4 for dot1x.
    This is working, but doing this "routing" directly on the switch would be preferred by my customer.

    Additionally this will help in some troubleshooting situations.


  • 2.  RE: EXOS: RADIUS Configuration more granular

    Posted 08-26-2017 16:12
    You can do this with a separate FreeRADIUS server used as a proxy. In the realms configuration you would simply put a regex for the MAC addresses to instruct it to forward to your MAC address RADIUS servers, and then specific domains (or even DEFAULT) for the 802.1X sessions. This is also a way to segregate different domains to different RADIUS servers.

    If you already had FreeRADIUS servers you can chain them, and pull out, say, the 802.1X sessions to proxy to an upstream server and then auth the MAC auth sessions on the existing server. (This is exactly how NAC does it when you choose auth MAC locally.)
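
One way to build the proxy split described in this thread on FreeRADIUS 3.x, as an added example that is not from either poster: requests carrying an EAP-Message attribute (802.1X) are proxied to servers 3/4, and non-EAP requests whose User-Name is a bare MAC address go to servers 1/2. All names, addresses and secrets are placeholders, and it is an assumption that the switch sends the MAC as 12 hex digits without separators; the pools rely on FreeRADIUS's default fail-over pool type.

```conf
# proxy.conf: constructed example; names, IPs, secrets and MAC format are assumptions
home_server mac_srv1 {
    type   = auth
    ipaddr = 192.0.2.11
    port   = 1812
    secret = REPLACE_WITH_SECRET_1
}
home_server mac_srv2 {
    type   = auth
    ipaddr = 192.0.2.12
    port   = 1812
    secret = REPLACE_WITH_SECRET_2
}
home_server dot1x_srv3 {
    type   = auth
    ipaddr = 192.0.2.13
    port   = 1812
    secret = REPLACE_WITH_SECRET_3
}
home_server dot1x_srv4 {
    type   = auth
    ipaddr = 192.0.2.14
    port   = 1812
    secret = REPLACE_WITH_SECRET_4
}
home_server_pool mac_pool {
    home_server = mac_srv1
    home_server = mac_srv2
}
home_server_pool dot1x_pool {
    home_server = dot1x_srv3
    home_server = dot1x_srv4
}
realm mac_auth {
    auth_pool = mac_pool
}
realm dot1x_auth {
    auth_pool = dot1x_pool
}
# sites-enabled/default: place at the top of the authorize { } section
if (&EAP-Message) {
    update control {
        &Proxy-To-Realm := "dot1x_auth"
    }
}
elsif (&User-Name =~ /^[0-9A-Fa-f]{12}$/) {
    update control {
        &Proxy-To-Realm := "mac_auth"
    }
}
```

Check the configuration with `radiusd -XC` (`freeradius -XC` on Debian-based systems) before restarting, and adjust the regex if the switch is configured to send MAC usernames with separators.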