
XIQ doesn't support RADSEC for Enterprise SSIDs?


NaNaSSHi
New Contributor

Hi all,

I am trying to connect a lab environment to an external RADIUS server using RADSEC. 

I would like to use RADSEC as the RADIUS server is located in the cloud, and I don't need my username or EAP-TLS certificate metadata going across the Internet unencrypted.

I have been trying to add a RADSEC server to the RADIUS Server Group in my 802.1X SSID with no success.

The only two options for RADIUS servers are "Standard" and "Secure". Does "Secure" mean RADSEC? Whenever I try to add a "Secure" RADIUS server, the object gets created but it disappears from the RADIUS Group and cannot be added to the SSID.

Does XIQ simply not support RADSEC? This is quite surprising to me.


1 ACCEPTED SOLUTION

Nick_Moore
Extreme Employee

I followed up with some colleagues. We do support this. However, only the RADSEC APs would know of the external RADIUS server. After creating the external Secure RADIUS server with all the needed trust point and shared secret, you would then click Extreme Networks RADSEC Proxy in the RADIUS server group:

image (8).png

Then you click the "+" to create the RADSEC Proxy configuration, where you would use the external secure server as the External RADSEC Server:

image (9).png

 

Using this, your APs would then talk to the RADSEC proxies that are selected automatically, and only those proxies would be communicating to your secure external server. 

-Nick


3 REPLIES

Thank you!!
Can you provide more information on how to create the external RadSec server?
GTAC gave me this article: https://extreme-networks.my.site.com/ExtrArticleDetail?an=000132860

However, I don't know what to put for "Server Key File". Isn't that just the RADSEC Server certificate? The certificate contains the public key, and I don't see why the private key of the RADSEC server would be necessary.

Nick_Moore
Extreme Employee

Hello,

I know we use RADSEC for our Cloud-stored PPSK/IDM/Guest Essentials solutions. I will do some digging on how this Secure setting is meant to be used.

-Nick
