PKI Authentication of TLS Connections

Each TLS connection is authenticated using existing, customer-provisioned SSL X.509 certificates and private keys. The RADIUS over TLS connection is established by the AAA application, passing a pointer to these credentials to the OpenSSL cryptographic library.

If there are no live RADIUS over TLS connections, then the AAA application will fall back on legacy RADIUS over UDP (if configured).

Failed RADIUS over TLS connections are retried once every minute, indefinitely. If any live server connections go down, ExtremeXOS will automatically make a reconnect attempt every five seconds for one minute. After one minute, the reconnect attempt occurs every five minutes.