Security Solutions
3-88
Designing Access Controls
Choose RADIUS Servers
This option balances reducing traffic with easing management.
Table 3-69. RADIUS Server Locations (Reducing Inter-Site Traffic)
Example. Choosing your access control architecture is not as daunting as it
may seem—as you can see by following the decision process that the PCU
network administrators used. For the sake of this example, PCU has
established two satellite campuses, which are connected to the main campus
in a WAN.
PCU network administrators begin by considering: should the same policies
apply at each site? Because the off-campus sites are not truly autonomous
locations, they decide to use the same policies for both. Some students attend
classes at both the main campus and a satellite campus location.
Access Control
Component
Combination
Access Control
Architecture
RADIUS Server
Devices
RADIUS Server
Location
Credential
Repository
Credential
Repository
Location
General Multi-site
distributed AAA
with centralized
policies
Software servers
or NAC 800s
One or more at
each site
Directory service Central site
Integrated server Multi-site
distributed AAA
with centralized
policies
AP 530s or
Wireless Edge
Services Modules
One or more at
each site
Directory service Central site
Integrated server/
proxy
Multi-site
distributed AAA
with centralized
policies
• AP 530s or
Wireless Edge
Services
Modules
• Software
servers or NAC
800s
One or more at
each site
Directory service Central site
Turnkey server Multi-site
distributed AAA
with centralized
policies
Software servers
or NAC 800s
One or more at
each site
Software servers
or NAC 800s
Servers at central
site
Integrated server/
proxy with turnkey
server
Multi-site
distributed AAA
with centralized
policies
• AP 530s or
Wireless Edge
Services
Modules
• Software
servers or NAC
800s
One or more at
each site
Software servers
or NAC 800s
Servers at central
site