LogoLogo
LogoLogo
  • Welcome
  • Details
  • Configuration
    • Getting Started
      • Generic Guide
      • Scenario-based Guides
        • Microsoft Cloud PKI
        • SCEPman PKI
    • Access Point Setup
      • RadSec
        • Aruba
        • FortiNet
        • Juniper Mist
        • Meraki
        • MikroTik
        • Ruckus
        • UniFi
      • RADIUS
        • ExtremeCloud IQ CoPilot
        • Meraki
        • Sophos UTM
        • UniFi
    • Server Certificate Renewal
  • Admin Portal
    • Home
    • Insights
      • Rule Engine
      • Logs
    • Users
    • Settings
      • Server Settings
      • Trusted Certificates
      • Proxy Settings
      • Permissions
      • User Settings
      • Rules
        • General Structure
        • WiFi
        • LAN
        • VPN
      • Log Exporter
        • Teams
        • Log Analytics
        • Generic Webhook
        • Examples
    • My Invited Users
  • Profile Deployment
    • Microsoft Intune
      • Server Trust
      • WiFi Profile
        • Windows
        • iOS/iPadOS & macOS
        • Android
      • Wired Profile
        • Windows
        • macOS
    • Jamf Pro
      • Server Trust
      • WiFi Profile
      • Wired Profile
    • Google Workspace
      • Server Trust
      • WiFi Profile
  • Other
    • Troubleshooting
    • FAQs
      • General
      • Log & Common Errors
      • MAC Authentication
      • Blast-RADIUS Vulnerability
      • OCSP Soft-fail Consequences
      • Security & Privacy
    • REST API
      • External Monitoring
    • Changelog
  • Licensing
    • Azure Marketplace
  • Support & Service Level
  • RADIUSaaS Website
Powered by GitBook
On this page
  • Architecture
  • Performance
  • Scaling
  • Regions
  • Load Balancing
  • Failover
  • Properties
  • Add
  • Delete

Was this helpful?

  1. Admin Portal
  2. Settings

Proxy Settings

Proxy settings are available under https://YOURNAME.radius-as-a-service.com/settings/proxy

Proxies are necessary in case your authenticators (e.g. APs, switches, ...) only support traditional RADIUS / UDP for AAA. The proxies faciliate the protocol conversion from RADIUS to RadSec so that your equipment can properly communicate with RADIUSaaS core server(s), that exclusively support RadSec / TCP for AAA.

Architecture

Since there are at least two RADIUS-speaking public IP addresses included in your subscription, we strongly recommend configuring those two IP addresses so they can be used as primary and secondary RADIUS server on your network gear and appliances. Thereby, the second public IP address should be located in a different geo-region than the primary address.

Performance

Each proxy can handle up to 1,500 concurrent connections flawlessly.

This corresponds to a time-based performance of 10,000 authentications per minute per proxy.

Scaling

We have never never seen any issues if you choose Europe as proxy location, no matter where your clients are located. Nonetheless it can increase your performance to choose the Proxy at one location which is as close as possible to your offices and sites.

To ensure smooth operation, consider the following number of proxies based on the number of users you have licensed (your needs may change if your offices are more globally distributed):

User
Proxy Count

50 - 2,500

2

2,501 - 10,000

3

10,001 - 25,000

4

25,001 - 50,000

6

50,001 - 100,000

10

Regions

You can deploy the proxy servers in the following regions:

Load Balancing

If you have a setup with more than 1,000 users, we highly recommend ensuring, that your network equipment will send equal amounts of authentications to each proxy.

For network equipment, where you can define the priority of the RADIUS servers, you can ensure load-balancing by defining different priority orders for your different network equipment instances.

Example: You have 5 WiFi controllers and 3 RADIUS Proxies. You may then configure the following priority orders in your WiFi controllers:

WiFi Controller #
RADIUS Priority Order

1 and 4

1, 2, 3

2 and 5

2, 3, 1

3

3, 1, 2

Failover

In the unlikely event that one or more RadSec endpoints fail, the available proxies will detect the failed state and redirect requests to the (geographically) closest active RadSec endpoint.

Properties

Add

To Add a new proxy, simply click Add, choose your Region and click Create.

After the installation has finished, it can take up to 15 minutes until your proxy has established a connection to your RADIUS server.

Delete

To Delete a proxy, simply click Delete of corresponding table row and confirm your choice.

Last updated 1 month ago

Was this helpful?

When are configured, RADIUSaaS provides an automatic failover mechanism for your RADIUS proxies.

Please note that this failover does not apply if the RadSec protocol is being used by the Authenticators rather than RADIUS. In that case, failover is provided by the Authenticator as described .

The IP address, ports and shared secret of the RADIUS Proxies will be displayed under > .

here
Server Settings
multiple RadSec endpoints
Ports and IP Addresses
Continent
Region

Africa

Johannesburg

Asia

Bangalore Singapore TelAviv Tokio

Australia

Sydney

Europe

Frankfurt London Madrid Stockholm

North America

Dallas New York Seattle Toronto

South America

Santiago

Showing how to create a proxy
Showing proxy servers
Showing deletion of a proxy server