Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
486
Views
0
Helpful
0
Comments

FlexConnect Local Auth. Usernames not showing in WLC/NCS

Vinay Sharma
Level 7
Level 7

‎02-24-2014 01:15 AM - edited ‎11-18-2020 03:06 AM

     

     

    Introduction

    User is using local RADIUS servers at each of their many campuses (for local dynamic VLAN assignment), while using a single set of controllers at the core of their network.

    A pair of 5508 controller in their central data center with 3602i APs around the various campuses. Also using FlexConnect groups to locally authenticate and switch the users.

    Right now, the config is working great as far as authentication and local switching goes. The problem user experiencing is that none of the authenticated usernames are being passed back to the controller and ultimately NCS.

    Problem Category

    Wireless

    Problem Subcategory

    Cisco 5500 Series Wireless Controllers

    Cisco Aironet 3600 Series Access Point

    Software

    WLC 5508 running 7.2.103.0

    Hardware

    Wireless LAN Controllers 5508

               Access Point 3602i

    Problem Description

    The problem user experiencing is that none of the authenticated usernames are being passed back to the controller and ultimately Cisco Prime Network Control System (NCS). This makes the tracking and troubleshooting of users difficult.

    Resolution

    Experts believe this is normal, since the ap is the authenticator and traffic does not pass back to the WLC, so the WLC does not have that information unlike if the WLAN was centrally switched and the WLC was the authenticator.

    More Information

    if learn client ip enabled under the flexconnect section then we can see the client's ip when AP is on connected mode, also it grabs other info like snr and rssi using the capwap control channel, however the username info is part of radius transaction that goes off of capwap control channel and doesn't hit the controller when local auth is enabled on WLAN's advanced tab or local authentication on AP itself. However, it is always possible to send the username to wlc from AP once the AP have the info when AP on connected mode.It is a valid ask work with your AM to get this addressed.

    Source

    This document was generated from the following discussion: FlexConnect Local Auth. Usernames not showing in WLC/NCS

    0 Helpful
    Getting Started

    Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

    Customers Also Viewed These Support Documents