At a customer site I've a large Wireless LAN deployment, using 2 WLC 5508. To provide optimal roaming, I configured mobility groups.
802.1x authentication is provided via ACS 5.3.
When shutting down the primary WLC, the clients are moved perfectly to the 2nd 5508 and back, when the 1st controller comes back.
When losing connection to the primary ACS 5.3, the clients immediately start to authenticate against the 2nd ACS, but when the 1st ACS comes back, the clients are not "switched back" to this device for further authentication. Also, WLAN clients newly joining the WLAN will still use the 2nd ACS for authentication, even though the 1st is fully up and operational.
When bringing down the 2nd ACS, the clients are not authenticating anymore, due to the fact that they tried to use this device as authenticator regardless of whether the 1st ACS is up.
Testing 802.1x with wired clients, everything works fine - as soon as the 1st ACS server comes back, the clients are authenticating against this one, so I assume it has something to do with the configuration on the WLCs, but I did not find anything wrong.
Did anyone face the same situation, or can somebody give me a hint where to look?
Any tip is very much appreciated.