Instant On - Wireless

  • 1.  802.1x without radius

    Posted 7 days ago

    Hi all,

    Is there a way to use 802.1x without running an external RADIUS server? Other manufacturers already offer this with a kind of local authentication.

    If it is possible, I would be grateful for a configuration example or a help article.

    Many thx



    ------------------------------
    ciao
    Ryder Hook
    ------------------------------


  • 2.  RE: 802.1x without radius

    Posted 7 days ago

    I see that Meraki offers the 802.1x local authentication capability:

    https://documentation.meraki.com/MR/Encryption_and_Authentication/Meraki_Local_Authentication_-_MR_802.1X

    But if you look at this link you'll see that the MR access point is running a local RADIUS server. But it still has a dependency on the central LDAP server. The local RADIUS server caches authentication information, so if connectivity is lost to the remote LDAP server it can do some authentication locally, provided it has seen specific authentications in the past to have them in cache. When the cache expires entries after a while, then you may not have the cached information to locally authenticate users.

    So it's more of a band-aid than a fix. 802.1X works with RADIUS and requires access to a user database for authentication and permission setting.



    ------------------------------
    Ron Buchalski
    ------------------------------



  • 3.  RE: 802.1x without radius

    Posted 6 days ago

    Hi Ryder.

    Not at this time. You can have local 802.1x on Instant (AOS8) and controller-based AOS8. Also you can have 802.1x on AOS10 with cloud auth. But for now not on Instant On.

    You can use FreeRADIUS for the job.

    To have this included in one of the next releases, the best way is to propose it in Innovation Zone and get as many votes as you can. Some very good business justification will not hurt.

    Best, Gorazd



    ------------------------------
    Gorazd Kikelj
    ------------------------------



  • 4.  RE: 802.1x without radius

    Posted 6 days ago

    Hi Gorazd,

    Thank you for the clarification. Of course, I know that I can operate FreeRADIUS locally. But maintaining a FreeRADIUS installation is not always easy for SMEs. I also find it impractical to buy RADIUS as a cloud service, because in the event of an internet outage, internal use of the WLAN is complicated. Therefore, I find the local RADIUS on the controller a smart solution. Also with restrictive performance limits. In my opinion, this approach only makes sense for up to 20 users. Do you have a link where we can suggest this solution?



    ------------------------------
    ciao
    Ryder Hook
    ------------------------------



  • 5.  RE: 802.1x without radius

    Posted 5 days ago

    Hi Ryder.

    The link to Innovation Zone is here. But it is mostly for Enterprise products. For Instant On, the option for new requests is usually in these forums, or you can contact an HPE partner to submit it to HPE for you.

    Best, Gorazd



    ------------------------------
    Gorazd Kikelj
    ------------------------------