Security Solutions

Designing Access Controls
Choose RADIUS Servers
Delegating some responsibilities to edge components, as in the integrated
server/proxy option, can also increase scalability. For example, when you
add a Wireless Edge Services Module to accommodate wireless users, that
module can add the capabilities of its built-in RADIUS server rather than
simply increasing the burden on existing PDPs.
Table 3-64 shows how these two factors typically balance out.
Table 3-64. Scalability of Access Control Component Combinations
4. How many resources do you have to devote to managing policies? How
important is ease of management?
The ease with which you can manage a solution depends in part on the
size of your network. For example, a fully integrated design may be easy
to manage if you have only one point of access—a Wireless Edge Services
Module, for example. However, in a network with many PEPs, the more
you centralize policies and policy decisions, the easier the policies are to
manage and control.
When you have selected your strategy for combining the access control
components, fill in information in Table 3-65. The first rows give you some
examples.
Table 3-65. Access Control Component Combinations
Example. The PCU administrators follow the steps above to select the best
combination of access control components for their network. For PCU, the
choice is easy. Their LAN and wireless network both have more than 1000
users, so they choose the general option.
Most Scalable | Scalable | Moderately Scalable | Least Scalable
General
Integrated server/proxy to turnkey server
Integrated server/proxy
Turnkey server
Integrated server
Fully integrated
Access Control Component Combination | RADIUS Server Devices | Credential Repository
General | Software RADIUS servers | Active Directory
Integrated server/proxy to turnkey | Built-in RADIUS server on wireless devices
NAC 800s managed by IDM