Do I need Per-AP Shared Secrets for WPA2-Enterprise RADIUS, or Only 1 for the Controller

Apologies if I missed this somewhere else in the fora, but I searched around and couldn’t find it:

In reading up on RADIUS best practices, I’ve seen several articles that recommend maintaining a separate Shared Secret on a per-server basis. Since it appears that my AP One AC Minis individually contact the RADIUS server when a host authenticates, it seems that I should be able to specify a different SS for each one. However, when using the WiFI controller in our Balance 30, there’s only 1 field for that. Am I missing something? It doesn’t appear from my logs that B30 is handling the authentications, but the RADIUS logs are pretty sparse. If I’ve got the model wrong, could someone please help me understand how it should be working?

Many thanks in advance!


If APs are centralized manage by Controller (Balance 30), same AP profile will be push to each AP. Thus each AP will has same Radius Shared Secret. This is expected behavior.

Fyi, Controller only doing AP management. Each AP still remains it own operation including Radius authentication for clients.

Hope this help.