I'm managing a large organization with multiple locations where all the PCs are joined to Active Directory (AD) through a central office. We utilize site-to-site VPNs, which work well for PC authentication, but now I'm considering implementing RADIUS for WiFi authentication. My main concern is that if the VPN connection fails, it could prevent WiFi authentication, leading to access issues for local resources. Is the only solution to deploy Domain Controllers (DCs) and RADIUS servers at each site? I'm just checking if there's a more efficient solution out there that I might not be aware of, perhaps something like a caching system for RADIUS?
5 Answers
Consider the type of WiFi technology you have. Some vendors offer RADIUS caching, which allows successful authentications to be stored temporarily. If your VPN goes down, clients who have already authenticated can still connect without issues until it’s restored.
Setting your RADIUS server in the cloud, like Azure, could be a solid choice! This way, a site outage wouldn't take down your RADIUS authentication, making things a lot smoother. It’s less of a hassle than deploying more servers across locations.
If local resources are essential for your users, implementing a cloud-based RADIUS solution might be the best route. Plus, you might want to explore using some technologies that allow for alternative authentication methods when the RADIUS server is unavailable.
There are definitely options out there for combining local and external authentication. Some NAC solutions allow for local caching or fallback mechanisms when RADIUS server connectivity is disrupted. This way, you're not left hanging if the VPN drops.
You're on the right track thinking about RADIUS and the VPN. If the VPN goes down, the RADIUS server needs to be reachable for authentication. Some folks suggest looking at cloud RADIUS solutions for your setup, especially since your organization is already syncing AD users with Office 365.
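The RADIUS caching and local fallback mentioned in the answers above, modelled as an added example; it is not part of any answer and not any vendor's implementation. It shows a site-local cache that accepts previously authenticated users while the central server is unreachable, and fails closed once the entry expires. The class and function names, the password-style credential check and the 3600-second lifetime are assumptions made for illustration.

```python
import hashlib, hmac, os, time
class UpstreamUnreachable(Exception):
    """Central RADIUS server cannot be reached (e.g. site-to-site VPN down)."""

class SurvivabilityCache:
    """Hypothetical model: caches successful authentications for a bounded time."""
    def __init__(self, upstream, ttl_seconds, clock=time.time):
        self.upstream, self.ttl, self.clock = upstream, ttl_seconds, clock
        self._entries = {}  # user -> (salt, verifier, expires_at)

    @staticmethod
    def _verifier(salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def authenticate(self, user, password):
        """Return (accepted, source); source is 'upstream', 'cache' or 'none'."""
        try:
            ok = self.upstream(user, password)
        except UpstreamUnreachable:
            return self._from_cache(user, password)
        if ok:  # store a salted verifier, never the password itself
            salt = os.urandom(16)
            self._entries[user] = (salt, self._verifier(salt, password), self.clock() + self.ttl)
        else:   # a live reject evicts any earlier cached accept
            self._entries.pop(user, None)
        return ok, "upstream"

    def _from_cache(self, user, password):
        entry = self._entries.get(user)
        if entry is None or self.clock() >= entry[2]:
            self._entries.pop(user, None)  # expired or never seen: fail closed
            return False, "none"
        salt, verifier, _ = entry
        return hmac.compare_digest(verifier, self._verifier(salt, password)), "cache"

def demo():
    directory, link, now = {"alice": "correct horse"}, {"up": True}, [0.0]  # constructed
    def upstream(user, password):
        if not link["up"]:
            raise UpstreamUnreachable()
        return directory.get(user) == password
    cache = SurvivabilityCache(upstream, ttl_seconds=3600, clock=lambda: now[0])
    out = [cache.authenticate("alice", "correct horse")]        # online accept, cached
    link["up"] = False; del directory["alice"]   # outage; account disabled centrally
    out.append(cache.authenticate("alice", "correct horse"))    # still accepted from cache
    out.append(cache.authenticate("bob", "guess"))               # never seen: rejected
    now[0] = 3601.0
    out.append(cache.authenticate("alice", "correct horse"))    # TTL expired: rejected
    return out
```

The second result in `demo()` is the trade-off to weigh when sizing the cache lifetime: an account disabled centrally during the outage keeps authenticating at the site until its cached entry expires.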
