Security Solutions
Designing Access Controls
Choose RADIUS Servers
Table 3-55. General Combination

| PEPs | PDPs | Policy/Credential Repository |
|---|---|---|
| • Switch • AP • Wireless Edge Services Module | • Software RADIUS server (optionally managed by IDM) • NAC 800 (optionally managed by IDM) | Directory service |

■ Integrated server—The RADIUS servers are built in to PEPs. They check credentials (and possibly limited policies) by binding to a central directory service.

Table 3-56. Integrated Server Combination

| PEPs with Built-in PDPs | Policy/Credential Repository |
|---|---|
| Wireless Edge Services Module | Directory service |

■ Integrated server/proxy—RADIUS servers are built in to PEPs. The built-in RADIUS servers proxy requests to one or more external RADIUS servers, which check credentials (and possibly limited policies) against a directory service. Additional policies can be configured on the RADIUS server through IDM.

Table 3-57. Integrated Server/Proxy Combination

| PEPs with Built-in PDPs | Proxy PDPs | Policy/Credential Repository |
|---|---|---|
| • AP 530 • Wireless Edge Services Module | • Software RADIUS server (optionally managed by IDM) • NAC 800 (optionally managed by IDM) | Directory service |

■ Turnkey server—PEPs send authentication requests to one or more “turnkey” RADIUS servers, called “turnkey” because they store all credentials and policies. IDM is a good option for configuring policies on the turnkey RADIUS server. The RADIUS server requires a local database for storing credentials; however, IDM can manage local databases for NAC 800s.

Table 3-58. Turnkey Server

| PEPs | PDP with Policy/Credential Repository |
|---|---|
| • Switch • AP • Wireless Edge Services Module | • Software RADIUS server using a local credential database and managed by IDM • NAC 800 managed by IDM |