When You
Include Multiple
RADIUS Servers
on the RADIUS
Server List
AT-WA7500 and AT-WA7501 Installation and User’s Guide
802.11b radio is configured with no security and you expect it to associate with the secondary 1 service set. However, when the end device receives the beacon from the access point that indicates that some type of security is being used, the end device does not communicate with the access point.
Another important consideration is that the service set that allows wireless hops should have the strongest security configuration possible for your environment. Do not enable wireless hops on the ports that have no security. WAPs configured on the other service sets will hear the unencrypted hellos on the wireless hop port and those WAPs will attach to the spanning tree, even though they should not.
You can use multiple RADIUS servers to act as password servers, to support ACLs, to use in an 802.1x security solution as authentication servers, and to use in an WPA/802.1x security solution as authentication servers. If you don't configure the server port map, the access point uses the first RADIUS server (Server 1) in the list as the main server. Other servers are simply backup servers.
If the first RADIUS server responds and the client’s information does not appear in that server’s database, the client is blocked. The access point does not check the databases on any other RADIUS servers.
If the first RADIUS server goes down during the operation and a RADIUS server lookup needs to occur, the authenticator access point will time out looking for the first server. Then, the access point looks for the next server in the list. If the authenticator access point finds the next server, it stays with that server forever, even if the first server comes back. If the backup server goes down, the authenticator access point continues looking down the list and eventually wraps around to the first server again.
However, you can configure the server port map so that the access point uses different RADIUS servers to serve different ports.
To configure the server port map
From the main menu, click Security > RADIUS Server List > Server Port Map. The Server Port Map screen appears with the IP Address/ DNS Name column populated with the RADIUS servers that you configured in the Server Selection screen.
For example, you can select one RADIUS server to service parent access points authenticating child access points using IAPP authentication by checking the check box in the IAPP Authentication column. Then, you can select another RADIUS server to service access points authenticating end devices by checking the check box for the appropriate service set.