Per policy RADIUS servers

  • Updated 7 months ago
I am deploying new RADIUS servers on each of our sites, rather than having all of them in our headquarters. I've created 3 new AAA Client Settings objects each with a different order of the new RADIUS servers. When I replaced the Authentication object for our corporate SSID in one policy the Authentication object was changed in all policies. Is there a way to attach the different Authentication object only in a single policy? Or another way to accomplish going to the local RADIUS first? (I didn't see that I could apply tags in this case.) Using HMOL 8.1r2

Fraser Hess


Posted 7 months ago


Carsten Buchenau, Champ

Hi Frazer,

What you actually want to do is to use only ONE AAA Client object, and then use device classification on the referenced Radius Server IP objects.

For example, if you use device tagging for your devices, e.g. Site1, Site2 and Site3, then you can modify your IP address objects specifying the Radius server IP addresses based on the device tag.

Example: Object is Radius-Server-1
- default (global) IP address is 10.0.1.100 - use this as fallback, same for Site 1
- If device-tag1 eq Site1: 10.0.1.100
- If device-tag1 eq Site2: 10.0.2.100
- If device-tag1 eq Site3: 10.0.3.100

Do the same for the Backup1 and Backup2 objects, if you have any....
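
An added example, not part of the reply above and not HiveManager code: a small Python model of tag-based classification that computes the RADIUS server order each device tag resolves to and flags devices that silently fall back to the global default. The Backup1 addresses, the site subnets, and the names `OBJECTS`, `AAA_ORDER`, `SITE_NETS`, `resolve`, `effective_order` and `audit` are assumptions made for illustration.

```python
import ipaddress

# Constructed model of classified IP objects: a global default plus per-tag overrides.
# Radius-Server-1 values come from the reply; Backup1 values and SITE_NETS are assumed.
OBJECTS = {
    "Radius-Server-1": {"default": "10.0.1.100", "by_tag": {
        "Site1": "10.0.1.100", "Site2": "10.0.2.100", "Site3": "10.0.3.100"}},
    "Backup1": {"default": "10.0.1.100", "by_tag": {
        "Site1": "10.0.2.100", "Site2": "10.0.1.100"}},  # Site3 rule forgotten
}
AAA_ORDER = ["Radius-Server-1", "Backup1"]  # the single AAA client object
SITE_NETS = {"Site1": "10.0.1.0/24", "Site2": "10.0.2.0/24", "Site3": "10.0.3.0/24"}


def resolve(obj_name, tag):
    """Return (ip, matched_rule) for one object as seen by a device with this tag."""
    obj = OBJECTS[obj_name]
    if tag in obj["by_tag"]:
        return obj["by_tag"][tag], True
    return obj["default"], False


def effective_order(tag):
    """RADIUS server order a device with this tag ends up with."""
    return [resolve(name, tag)[0] for name in AAA_ORDER]


def audit(tag):
    """List problems with the resolved order for one device tag."""
    findings = []
    order = effective_order(tag)
    net = SITE_NETS.get(tag)
    if net is None or ipaddress.ip_address(order[0]) not in ipaddress.ip_network(net):
        findings.append("primary is not on the device's own site")
    for name in AAA_ORDER:
        if not resolve(name, tag)[1]:
            findings.append(f"{name}: no rule for tag, using global default")
    if len(set(order)) < len(order):
        findings.append("same server listed twice, no real backup")
    return findings


if __name__ == "__main__":
    for tag in ["Site1", "Site2", "Site3", "Site 3"]:  # last one is a mistyped tag
        print(tag, effective_order(tag), audit(tag))
```

The mistyped tag resolves every object to the global default, so that device authenticates against 10.0.1.100 for both primary and backup without any error being raised.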