Security Solutions
Designing Access Controls
Choose RADIUS Servers
■ Integrated server/proxy to turnkey server—RADIUS servers are built
in to PEPs. The built-in RADIUS servers proxy requests to one or more
external RADIUS servers, which store all credentials and policies. IDM is
a good option for configuring policies on the turnkey RADIUS server.
Again, IDM can manage credentials for NAC 800s only.
Table 3-59. Integrated Server/Proxy to Turnkey Server Combination
PEPs with Built-in PDPs:
• AP 530
• Wireless Edge Services Module
Proxy PDP with Policy/Credential Repository:
• Software RADIUS server using a local credential database and managed by IDM
• NAC 800 managed by IDM

■ Fully integrated—Endpoints connect to PEPs, each of which includes
a built-in RADIUS server and stores all credentials and policies locally.

Table 3-60. Fully Integrated Combination
PEPs with Built-in PDPs and Policy/Credential Repositories:
• AP 530 (up to 100 users)
• Wireless Edge Services Module (up to 500 users)

Note that the integrated server options can combine with the general option
to accommodate PEPs that do not include built-in servers.

Table 3-61. Alternate Integrated Server/Proxy Combination
PEPs:
• Switch
• AP
(Optional) PEPs with Built-in PDPs:
• AP 530
• Wireless Edge Services Module
Proxy PDPs:
• Software RADIUS server
• NAC 800
Policy/Credential Repository:
• Directory service

Table 3-62. Alternate Integrated Server/Proxy to Turnkey Server Combination
PEPs:
• Switch
• AP
(Optional) PEPs with Built-in PDPs:
• AP 530
• Wireless Edge Services Module
Proxy PDP with Policy/Credential Repository:
• Software RADIUS server managed by IDM
• NAC 800 managed by IDM

You can now consider the best choices for your environment:
1. How many users do you have in your network?