2 setting rules and selecting the radius server, Setting rules – Toshiba Magnia Z310 User Manual
Page 88
80
With this configuration, a station (STA B) in Domain B will be unable to connect to the access
point (AP A) in Domain A because the authentication will fail. This is because Domain A’s access
point (AP A) entrusts all authentication to Domain A’s RADIUS server (RADIUS-A).
Domain A
CA-A
Domain B
RADIUS-A AP-A(MAGNIA)
STA-A
Router
Router
AP-B(MAGNIA)
CA-B
RADIUS-B
STA-B
(Connected to
AP-A)
STA-B???
If the RADIUS server is compatible with the authentication proxy function (RADIUS Proxy
function), the above problem can be resolved by just change settings on the RADIUS servers.
However, not all RADIUS servers are compatible with the authentication proxy function.
It is possible to create an account for each domain just for the authentication. However, having a
duplicate account would add to the cost and be troublesome.
The RADIUS selection function is an easy solution to this problem.
4.3.2 Setting Rules and Selecting the RADIUS Server
The access point selects the RADIUS server in accordance with the preset information.
The information to be preset is explained below.
4.3.2.1
Setting Rules
When selecting the RADIUS server, the access point refers to the EAP/Identity.
The EAP/Identity is an identifier sent from the station when the 802.1X authentication starts.
Normally, it is written in the format shown below:
Expression using the NetBIOS
domain
Example: DomainA\User01
NAI format expression
Example: [email protected]