What is the difference between “internal” and “external” for the RADIUS servers type in the NXC?

Zyxel_Kathy
Zyxel_Kathy Posts: 76  Zyxel Employee
edited June 29 in Authentication

NXC GUI : CONFIGURATION > Object > AP Profile > SSID > Security List

 

1.      What is the authentication mechanism used by an "internal" RADIUS server?

When you select "internal" as the RADIUS server type, the 802.1X authentication is processed by an internal RADIUS that is built within the controller. When the AP is managed by the controller, it automatically adds the AP as a trusted client.

The topology:

Controller (built-in radius server)-----------AP (radius server's trusted client)

2. What is the authentication mechanism used by an "external" RADIUS server?

When you select "external" as the RADIUS server type, the 802.1X authentication is processed by an external RADIUS. The controller will forward the authenticated packets from the AP. Hence, you need to manually add the AP as a trusted client to the external RADIUS server.

The topology:

External radius server-------------controller-----------AP (RADIUS server's trusted client)

==============================================================

The difference between "internal" RADIUS servers for the NXC managed AP and the standalone AP is that the NXC can support both local and external user database, but the standalone AP only supports local user database.  

 

NXC with managed AP

Internal RADIUS server is a trusted RADIUS client for the NXC controller.

External RADIUS server is a trusted RADIUS client for the APs.

 

Standalone AP

Internal: internal RADIUS server (built within the standalone AP) with local user database.

External: external RADIUS with external user database.