If it were to implement wifi at each branch ,using 802.1x radius authentication what would be the best way to go about that?
i.e would you set up a separate NPS/Radius server at each branch to authenticate locally at each branch, or would you try and centralise 802.1x authentication by having all remote branch clients authenticate against a single centrally located NPS/Radius server ?
If you took the second option, then the remote wife users would be authenticating across the WAN. I don't know if that is considered good practice or not ?
Then again it would seem very messy to have each remote branch implement their own NPS/Radius setup ?
Having never done this before I am interested in what the best strategy would be.
Thanks for any advice.