×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

WLC RADIUS Fallback Questions

Answered Question
Aug 24th, 2012
User Badges:

We would like to configure RADIUS fallback to ensure RADIUS authentications always go to their primary ACS while it's available, but the documentation is not very clear with regard to the username configuration.


There is no mention of a password, but if you enable fallback - even with the default "cisco-probe" username, failures of that account show up on the ACS server log, so I'm assuming it's not working.


Can someone shed some light on how exactly this "cisco-probe" should work?


Thanks!

Correct Answer by Stephen Rodriguez about 4 years 11 months ago

There are three modes to fall back:


off - no fallback

passive - WLC sends the credentials to the 'dead' server when a user tries to authenticate

on - You configure a username, and an interval.  WLC sends the credentials to the 'dead' server at configured interval.


The password really doesn't matter, just that the WLC gets a packet back.  So getting a reject back from the server would bring it back 'alive' in the AAA list.


make sense?



HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Stephen Rodriguez Fri, 08/24/2012 - 13:17
User Badges:
  • Purple, 4500 points or more

There are three modes to fall back:


off - no fallback

passive - WLC sends the credentials to the 'dead' server when a user tries to authenticate

on - You configure a username, and an interval.  WLC sends the credentials to the 'dead' server at configured interval.


The password really doesn't matter, just that the WLC gets a packet back.  So getting a reject back from the server would bring it back 'alive' in the AAA list.


make sense?



HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

mmletzko Fri, 08/24/2012 - 13:22
User Badges:

Ah, yes, that does make sense.  Thank you for that explanation.  It would be nice if that is mentioned in the documentation.

Actions

This Discussion

Related Content

 

 

Trending Topics - Security & Network