I have been having a lot of issues with clients at a site that have a WLC and use EAP-TLS to an ACS server across the WAN. Most of the issues are roaming related in that the re-authentication time is very long. I have implemented QOS for the RADIUS traffic but they are still reporting problems.
Looking at the logs on the WLC (126.96.36.199) I see messages simliar to this one for all 5 ACS servers.
RADIUS server 10.x.x.x:1645 deactivated in global list
RADIUS server 10.x.x.x:1645 failed to respond to request (ID 65) for client 00:0b:6b:87:54:d2 /user 'unknown'
What concerns me is the word "deactivated". Does this mean that if an unknown client attempts to connect to this wlan and ACS is unable to authenticate it then the ACS server is "disabled" by the WLC?
Is this the case?