Introduction
The user runs local RADIUS servers at each of their many campuses (for local dynamic VLAN assignment), with a single set of controllers at the core of their network.
The deployment is a pair of 5508 controllers in the central data center with 3602i APs around the various campuses. FlexConnect groups are used to authenticate and switch the users locally.
Right now, the configuration is working well as far as authentication and local switching go. The problem the user is experiencing is that none of the authenticated usernames are being passed back to the controller and ultimately to NCS.
Problem Category
Wireless
Problem Subcategory
Cisco 5500 Series Wireless Controllers
Cisco Aironet 3600 Series Access Point
Software
WLC 5508 running 7.2.103.0
Hardware
Wireless LAN Controllers 5508
Access Point 3602i
Problem Description
The problem the user is experiencing is that none of the authenticated usernames are being passed back to the controller and ultimately to Cisco Prime Network Control System (NCS). This makes tracking and troubleshooting users difficult.
Resolution
Experts believe this is normal: the AP is the authenticator and the authentication traffic does not pass back to the WLC, so the WLC does not have that information. This differs from a centrally switched WLAN, where the WLC is the authenticator.
More Information
If learn client IP is enabled under the FlexConnect section, the client's IP address is visible while the AP is in connected mode. Other information, such as SNR and RSSI, is also collected over the CAPWAP control channel. The username, however, is part of the RADIUS transaction, which takes place outside the CAPWAP control channel and does not reach the controller when local auth is enabled on the WLAN's Advanced tab or local authentication is enabled on the AP itself.
It is nevertheless always possible for the AP to send the username to the WLC once the AP has that information, as long as the AP is in connected mode. This is a valid ask; work with your AM to get it addressed.
Source
This document was generated from the following discussion: FlexConnect Local Auth. Usernames not showing in WLC/NCS