Deployment scenarios

You can deploy the RADIUS/TLS servers in any of the following scenarios:

• Scenario 1: Switch establishes TLS connection with the RADIUS server.

• Scenario 2: Switch establishes TLS connection with the proxy server, which communicates with the RADIUS server.

Scenario 1: Switch establishes TLS connection with the RADIUS server

In this scenario, the RADIUS server is across WAN. The RADIUS/TLS secures the user data by creating an encrypted TLS tunnel between the switch and authentication server.

Scenario 2: Switch establishes TLS connection with the proxy server, which communicates with the RADIUS server

在这种情况下,多个服务器区域半径ributed over WAN (untrusted networks). RADIUS proxy directs the RADIUS requests to the RADIUS server, which listens on UDP. The proxy server uses the switch certificates to authenticate the client-server credentials. As a result, all RADIUS communications across the network are TLS encrypted.