ā04-30-2018 01:44 PM
We are testing POC with Aerohive AP's . We have multiple sites in our school board. In HiveManager, I was wondering if we can group a set of access points to go to one RADIUS server and configure another set of access points to go to another RADIUS server. This will help us to have a decentralized RADIUS solution at each site. We would need to maintain the same ssid across the board though.
Solved! Go to Solution.
ā04-30-2018 06:56 PM
Yes, we can do this via classification. You would want to start by creating a map and placing a set of access points on this map. Then create a Radius SSID> add the Default Radius server> Click the box next to "Apply RADIUS server groups to devices via classification"> Add the second Radius server in the new section> Click on the plus icon next to the second Radius server under Assignment Rules> Add> Device location> Select the map you placed your APs on. This will mean that all users connecting to APs on this map will connect to the second Radius server. All clients connecting to any other AP will get the default Radius server.
ā05-01-2018 08:37 PM
So it sounds like you have one Radius server, not 45 individual ones?
ā05-01-2018 12:45 PM
All those sites are schools. We have a ssid called byod which does RADIUS authentication on the AD account of an user. The way we have it setup now is, any user(student or teacher) who has a AD credential can be connected to the ssid. Therefore any teacher or student who goes to any of our school sites will get authenticated under the same ssid. The central wireless controller which has the ssid is pointing to one RADIUS server which is one location. All sites will direct their RADIUS requests to this RADIUS server.
We do have a local RADIUS server at each site. If the wireless controller can push some kind of configurations to the AP's in such a way the RADIUS requests goes to the local RADIUS server of that site rather than coming to a different location for authentication then we can keep the authentication mechanism within the lan instead of going out to the WAN and coming back in to the lan. Hope that makes sense.
What advantage is there for AP to act as a RADIUS proxy ?
ā04-30-2018 08:55 PM
I think that would certainly cause a delay, and I'm pretty sure there's a limit to how many assignment rules we can have per SSID. Can you tell me why you need all 45 sites to use one SSID but 45 different Radius servers?
ā04-30-2018 08:06 PM
We have about 45 sites. We can place the AP's on 45 floor plans. Therefore I need to add 45 rules under a ssid. Do you think the AP's will be fast enough to go thru the 45 rules and find to which RADIUS server the request should go to ?? I'm wondering if there will be a delay. Do you know any clients who has several rules under a ssid, particularly for RADIUS ?