Is a RADIUS server required when a LAN Enforcer appliance runs in transparent mode?
|Article:HOWTO81773|||||Created: 2012-10-25|||||Updated: 2012-10-25|||||Article URL http://www.symantec.com/docs/HOWTO81773|
RADIUS server requirements depend on how the switch is configured and what you use the switch to authenticate.
The following are some items to watch out for:
Switches that use RADIUS servers for more than the authentication of 802.1x users.
For example, when you log on to the switch, you must type a user name and password. The RADIUS server typically performs authentication for this logon. When the LAN Enforcer appliance is installed, this authentication is sent to the LAN Enforcer appliance. If the authentication is sent to the LAN Enforcer appliance, you must configure the RADIUS server IP address in the LAN Enforcer appliance. You must configure the LAN Enforcer appliance to forward all non-EAP requests directly to the RADIUS server.
Installation of a 802.1x supplicant on a client system. If an 802.1x supplicant exists on a client system, the LAN Enforcer appliance tries to authenticate with the RADIUS server. 802.1x authentication is enabled by default on Windows XP. If you enable your client to work in transparent mode, it does not automatically disable the built-in 802.1x supplicant. You must make sure that no 802.1x supplicant runs on any of your client computers.
Configuration of the Enforcer to ignore the RADIUS request from any client computer that includes a third-party 802.1x supplicant. You can set up this configuration by using an IP address of 0.0.0.0 for the RADIUS server. You can use this setup if you want to run a LAN Enforcer in transparent mode. Some clients can have an 802.1x supplicant. In this case, you can specify that the LAN Enforcer appliance does not send any traffic to a RADIUS server.
Article URL http://www.symantec.com/docs/HOWTO81773