Proxying RADIUS requests to an existing RADIUS server
●
With this method, the switch is configured with the Sentriant AG IP address as the RADIUS server
host. When the switch performs the RADIUS authentication against the Sentriant AG server,
Sentriant AG proxies the request to another RADIUS server. As long as that server supports the
appropriate authentication methods used by the client it should allow and authenticate the proxied
requests. On successful authentication, when the end RADIUS server returns the proxied request
Sentriant AG overrides the RADIUS attributes which specify to the switch which VLAN to place the
endpoint in if necessary. Sentriant AG then returns the authentication results to the switch.
Using the built-in Sentriant AG RADIUS server
●
With this method, all authentication takes place on the Sentriant AG server. The switch is configured
with the Sentriant AG IP address as the RADIUS server host. Sentriant AG performs the
authentication based on the FreeRadius configuration, inserts RADIUS attributes specifying into
which VLAN to place the endpoint, and returns the result to the switch.
When Sentriant AG is used in an 802.1X network, the configuration is as shown in
communication flow is shown in
Sentriant AG Users' Guide, Version 5.0
Figure 118 on page
231.
802.1X Quarantine Method
Figure
117, and the
229