two different radius authentication methods on one guest wlan

Unanswered Question
Jun 30th, 2009

I would like to use two different radius servers to one guest wlan.

One radius server is the Cisco NAC guest server, but I would like to use e.g. a RSA SecurID server as the second.

If the user does not exsist on the NAC guest server, the wlc should check the RSA server.

As I understand the servers mentioned under the layer 3 config tab on the wlan configuration tab is doing round-robin.

Is there any way that I can implement this?

Best regards,

Steffen Lindemann

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
dancampb Tue, 06/30/2009 - 06:04

This could be difficult. The controller will send requests to the configured primary server until it is unavailable, then it would try the secondary. If the first one sends back an access-reject the controller would never send a request to the secondary server.

tim.riegert Mon, 07/13/2009 - 07:28

Is there anything on the roadmap for the NAC guest server to use AD as an external database?

It seems like it shouldn't be too difficult since the server is already using AD to map sponsor roles.

We really would prefer to use a single SSID instead separate SSIDs for guest and domain accounts.

Thanks in advance!


This Discussion



Trending Topics - Security & Network