How to configure authentication using the Access Control engine RADIUS server to locally terminate 802.1X EAP authentication requests. There are three methods that can be used to do this, depending on the protocol that is used:
- LDAP Authentication – Uses a backend Active Directory server or LDAP server, and
RADIUS server and client certificates (if required) to authenticate users.
- Local Authentication – Uses a local password repository, and RADIUS server and
client certificates (if required) to authenticate users.
- RADIUS Certificates only – Uses only RADIUS server and client certificates to
authenticate users (no password is required).
The chart below lists the hash types supported by each protocol for user password
encryption. Note that PEAP (TLS) is not supported for local RADIUS termination
and is only supported in a proxy RADIUS configuration. If passwords are required, you can then decide whether to use LDAP or local authentication for password verification.