WCS question

Unanswered Question
Aug 16th, 2009
User Badges:

Guys currently we have one ACS server for all wirless authentication.....we are putting another one for redundancy....i will be config replication from primary to secondary.....while i was suring arojund in WCS i have noticed that when adding another authentocation server it asked abt shared secret.....now where i can find that in ACS....or shd i copy and past the exsisting one from primary ACS.......guys i am stuck plz help me

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
The_guroo_2 Mon, 08/17/2009 - 17:23
User Badges:

Thanks for your prompt reply.....now i will explain bit more as reading the doco didnt solve my problem.....the WCS server which i connect through web has all access point listed all over country's offices...so it has a list.....they all do authentication from ACS primary which authntoicate them with windows AD.....now i went to primary ACS server all the Access point are listed but the server address is not there from which i can add things for all Acesss points so i guess it a managment server.....now i will be putting redundant ACS i have already installed the server and as recommended by cisco i have already ping all the access point across and it works now when i will do replication i will get all the info from primary ACS server......i am thinking plz correct me if i am wrong i will add secondry ACS in authentication list servers in WCS and will apply to all of the wirless access points am i right or wrong???? there when i was making a second templete it ask abt password and shared secret what shd i put in.....swhd i copy from primary ACS which is already present in WCS and paste it in secondaty as well???? i am confuse abt this plesase help me out thanks

Lucien Avramov Mon, 08/17/2009 - 18:44
User Badges:
  • Red, 2250 points or more

okay this is completely unrelated to WCS.

You need to configure the ACS server on the WLC GUI, not the WCS.

Yes you can add the secondary ACS if there is such option on the WLC, in that case, when the primary ACS is down, the other one will be used.

Robert.N.Barrett_2 Tue, 08/18/2009 - 10:26
User Badges:
  • Bronze, 100 points or more

Your WLC's must be configured to use the secondary ACS server. This is a configuration change you can make directly via the WLC gui (go to Security -> AAA -> RADIUS -> Authentication). You can also make the changes via WCS via Configure -> Controllers -> -> Security -> AAA.

Don't confuse this with WCS screens about RADIUS/TACACS you will see by going to Administration -> AAA.

The new ACS server must also be configured to accept RADIUS authentication requests from the WLC's, which will be in the Network Configuration -> AAA Clients.

RADIUS authentication requests coming to ACS from a WLC are hashed (weakly encrypted) with the shared secret. Therefore, the shared secret for the RADIUS server (ACS Server) you configure on the WLC must match the shared secret you configure for the AAA Client (the WLC) configured on the ACS server. Think of the shared secret as something like a WEP key - it has to be the same on each end of the conversation. YOU determine the shared secret.

The_guroo_2 Sat, 08/22/2009 - 04:23
User Badges:

Thanks for your reply.....Now i am adding a secondry ACS server which will get replication....so shd i copy the shared secret in WLC (primary one) and paste it to the secondary one as secondary will copy everything from primary....will that work??? thanks

Lucien Avramov Sun, 08/23/2009 - 08:05
User Badges:
  • Red, 2250 points or more

Yes that will work.

Don't forget to add the secondary ACS in the WLC


This Discussion



Trending Topics - Security & Network