two separate RADIUS servers for one WLC

May 30th, 2008

Would it be possible to have two separate RADIUS servers on the same 4400 WLC, assuming a wireless user would only be accessing them one at a time? If it is, how would a user select the RADIUS server he would like to authenticate to?


Thanks.


Scott Fella Fri, 05/30/2008 - 08:49

The WLC will only use the 1st RADIUS server that it can communicate with. If that RADIUS server later becomes unavailable, then the WLC will use the second RADIUS server configured. The bad part is that if the primary or first RADIUS server comes back online, the WLC will not use it until the second RADIUS server becomes unavailable.


The only way to force it is to reboot the WLC, or place the secondary RADIUS in the primary spot and hit Apply, then add the primary RADIUS server back in its spot along with the secondary.

jeromehenry_2 Fri, 05/30/2008 - 09:50

Another way is to use one RADIUS per SSID. This might be a way to load balance, but the user still won't be able to choose...

Scott Fella Fri, 05/30/2008 - 16:39

You have to watch out for that and might want to test it. I believe even though you have SSIDs using separate RADIUS servers, whichever is the first RADIUS the WLC communicates with, it will use. So in this case.... no matter what RADIUS server you choose to point to, it will use the first one.


It is like if you have an SSID configured for PEAP using RADIUS 1 and then you have an SSID using WebAuth and no RADIUS servers configured..... users will still be able to use their AD username and password to authenticate via WebAuth.
