Radius Questions

Hi everyone. Hope you all had a good new year. Bring on 2008!

I am looking into a wireless network at my school and have previously had a really bad experience with wireless. The school I previously worked at had wireless, and I think the reason it didn't work properly was that they weren't using commercial access points and stuck with home-based equipment, dotting lots of these around the building. It was a nightmare to administer because you had to keep note of the IP of every AP if you needed to make a change, and log in to every AP if it was a global change.

I am interested in knowing more about RADIUS server setup, but the content I am finding online just seems to confuse me. I have a few questions which I hope someone may be able to answer for me:

1. Am I right in saying that if you have a RADIUS server, all APs which are RADIUS compatible can be managed from the server end? So, for example, if I wanted to change the SSID for the whole wireless network, I could simply go onto the RADIUS server, make a change there, and then the server will broadcast this to all the APs?

2. The authentication part of RADIUS: does this link in with Active Directory, so if a user wanted to log onto the network they could use their AD account to authenticate and allow access to the wireless network? Or does it run on a separate authentication system?

3. Network access control (NAC): is this a Cisco proprietary thing? And can this work with a RADIUS server?

I appreciate any help on this. If anyone could also point me to some good companies who may be able to provide me with a solution, that would be great.

Your help is appreciated

Re: Radius Questions

#1. That would be no. The RADIUS server is used to authenticate the users, not to manage the APs. There can be some interaction with the APs from RADIUS in that some configurations allow you to authenticate MAC addresses with RADIUS. That way you could enter the MAC once on the RADIUS server instead of doing it on each AP, though I have not bothered with that. The nice thing about RADIUS is that when someone tries to hack your wireless, a RADIUS server tied to AD can cause AD account lockout based on your policies, and it is easy to tell if someone is hacking your wireless by checking your RADIUS logs.

2. RADIUS can point to several external user sources including AD, or you can even have user IDs on the RADIUS server itself.

3. NAC should be able to work with RADIUS, though I have not used it as of yet.

To manage all of the APs centrally, you would get Cisco's LWAPP APs and a wireless controller such as a 4404. You can also add WCS to manage multiple controllers. It is pretty cool, but I find WCS kind of difficult to navigate if you are used to the autonomous APs. In any case, it does things you cannot do with standalone APs.
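
Added example (not part of the original thread, and not any vendor's tooling): the reply above notes that attempts against the wireless network show up in the RADIUS logs. This Python script flags a client MAC that produces a burst of Access-Reject results inside a time window; the log format, field names (`user`, `ap`, `cli`) and thresholds are constructed assumptions, so a real IAS, ACS or FreeRADIUS log needs its own parser.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a hypothetical simplified format; real servers log differently.
SAMPLE_LOG = """\
2008-01-08T10:15:02 Access-Accept user=jsmith ap=ap-library cli=00:11:22:33:44:55
2008-01-08T10:16:10 Access-Reject user=admin ap=ap-gym cli=00:aa:bb:cc:dd:01
2008-01-08T10:16:14 Access-Reject user=administrator ap=ap-gym cli=00:aa:bb:cc:dd:01
2008-01-08T10:16:19 Access-Reject user=teacher ap=ap-gym cli=00:aa:bb:cc:dd:01
2008-01-08T10:16:25 Access-Reject user=jsmith ap=ap-gym cli=00:aa:bb:cc:dd:01
2008-01-08T10:16:31 Access-Reject user=jsmith ap=ap-gym cli=00:aa:bb:cc:dd:01
2008-01-08T10:40:00 Access-Reject user=mbrown ap=ap-office cli=00:11:22:33:44:66
2008-01-08T11:55:00 Access-Reject user=mbrown ap=ap-office cli=00:11:22:33:44:66
garbage line that should be skipped
"""

def parse_line(line):
    """Return (timestamp, result, fields) or None for lines that do not parse."""
    parts = line.split()
    if len(parts) < 3 or parts[1] not in ("Access-Accept", "Access-Reject"):
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
    return ts, parts[1], fields

def find_reject_bursts(log_text, threshold=5, window=timedelta(minutes=5)):
    """Flag client MACs with >= threshold rejects inside a sliding window."""
    recent = defaultdict(deque)   # cli -> deque of (ts, user) for recent rejects
    alerts = {}                   # cli -> {"users": set, "first_alert": ts}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None or parsed[1] != "Access-Reject":
            continue
        ts, _, f = parsed
        cli = f.get("cli", "unknown")
        q = recent[cli]
        q.append((ts, f.get("user", "")))
        while ts - q[0][0] > window:   # drop rejects older than the window
            q.popleft()
        if len(q) >= threshold:
            entry = alerts.setdefault(cli, {"users": set(), "first_alert": ts})
            entry["users"].update(u for _, u in q)
    return alerts

if __name__ == "__main__":
    print(find_reject_bursts(SAMPLE_LOG))
```

Setting the threshold at or below the AD lockout count means the alert fires no later than the lockout itself, and a single MAC cycling through several usernames is worth a closer look than one user mistyping a password.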


