Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Can I define Multiple Radius Servers in Access Points ?

Hey guys,

Can I define multiple radius servers in WAP ?

e.g

 

aaa group server radius rad_eap_1
server x.x.x.1 auth-port 1645 acct-port 1646
server x.x.x.1 auth-port 1645 acct-port 1646

 

aaa group server radius rad_eap_2
server x.x.x.2 auth-port 1645 acct-port 1646
server x.x.x.2 auth-port 1645 acct-port 1646

 

aaa group server radius rad_eap_3
server x.x.x.3 auth-port 1645 acct-port 1646
server x.x.x.3 auth-port 1645 acct-port 1646

 

Any help will be greatfull 

 

Thanks

2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Gold

Yes you can. 

Yes you can. 

New Member

aaa group server radius rad

aaa group server radius rad_eap
server x.x.x.1 auth-port 1645 acct-port 1646
server x.x.x.2 auth-port 1645 acct-port 1646
server x.x.x.3 auth-port 1645 acct-port 1646

aaa authentication login eap_methods group rad_eap
radius-server host x.x.x.1 auth-port 1645 acct-port 1646 key yourkey
radius-server host x.x.x.2 auth-port 1645 acct-port 1646 key yourkey
radius-server host x.x.x.3 auth-port 1645 acct-port 1646 key yourkey

 

Also, under your ssid

authentication network-eap eap_methods

5 REPLIES
Hall of Fame Super Gold

Yes you can. 

Yes you can. 

New Member

Thanks for the reply I need

Thanks for the reply I need one more clarification, I need to create a new vlan with new servers, here is the config I prepare let me know if this is correct or not;

 

 


dot11 ssid TA-Khan
   vlan <new-number>
   authentication open eap eap_methods 
   authentication key-management wpa

interface Dot11Radio0
 encryption vlan <new-number> mode ciphers tkip 
 ssid TA-Khan

interface Dot11Radio0.<new-number>
 encapsulation dot1Q <new-number>
 bridge-group <new-number>

 
interface Dot11Radio1
 encryption vlan <new-number> mode ciphers tkip 
 ssid TA-Khan
 
 
interface Dot11Radio1.<new-number>
 encapsulation dot1Q <new-number>
 bridge-group <new-number>
  
  
interface GigabitEthernet0.<new-number>
 encapsulation dot1Q <new-number>
 bridge-group <new-number>
  
 
aaa group server radius rad_eap
server X.X.X.1 auth-port 1645 acct-port 1646  
server X.X.X.2 auth-port 1645 acct-port 1646  
server X.X.X.3 auth-port 1645 acct-port 1646
server X.X.X.4 auth-port 1645 acct-port 1646

aaa authentication login eap_methods group rad_eap 
radius-server host X.X.X.1 auth-port 1645 acct-port 1646  key --------
radius-server host X.X.X.2 auth-port 1645 acct-port 1646  key --------
radius-server host X.X.X.3 auth-port 1645 acct-port 1646  key --------
radius-server host X.X.X.4 auth-port 1645 acct-port 1646  key --------

New Member

aaa group server radius rad

aaa group server radius rad_eap
server x.x.x.1 auth-port 1645 acct-port 1646
server x.x.x.2 auth-port 1645 acct-port 1646
server x.x.x.3 auth-port 1645 acct-port 1646

aaa authentication login eap_methods group rad_eap
radius-server host x.x.x.1 auth-port 1645 acct-port 1646 key yourkey
radius-server host x.x.x.2 auth-port 1645 acct-port 1646 key yourkey
radius-server host x.x.x.3 auth-port 1645 acct-port 1646 key yourkey

 

Also, under your ssid

authentication network-eap eap_methods

New Member

Thanks for the reply guys I

Thanks for the reply guys I need one more clarification, I need to create a new vlan with new servers, here is the config I prepare let me know if this is correct or not;

 

 


dot11 ssid TA-Khan
   vlan <new-number>
   authentication open eap eap_methods 
   authentication key-management wpa

interface Dot11Radio0
 encryption vlan <new-number> mode ciphers tkip 
 ssid TA-Khan

interface Dot11Radio0.<new-number>
 encapsulation dot1Q <new-number>
 bridge-group <new-number>

 
interface Dot11Radio1
 encryption vlan <new-number> mode ciphers tkip 
 ssid TA-Khan
 
 
interface Dot11Radio1.<new-number>
 encapsulation dot1Q <new-number>
 bridge-group <new-number>
  
  
interface GigabitEthernet0.<new-number>
 encapsulation dot1Q <new-number>
 bridge-group <new-number>
  
 
aaa group server radius rad_eap
server X.X.X.1 auth-port 1645 acct-port 1646  
server X.X.X.2 auth-port 1645 acct-port 1646  
server X.X.X.3 auth-port 1645 acct-port 1646
server X.X.X.4 auth-port 1645 acct-port 1646

aaa authentication login eap_methods group rad_eap 
radius-server host X.X.X.1 auth-port 1645 acct-port 1646  key --------
radius-server host X.X.X.2 auth-port 1645 acct-port 1646  key --------
radius-server host X.X.X.3 auth-port 1645 acct-port 1646  key --------
radius-server host X.X.X.4 auth-port 1645 acct-port 1646  key --------

New Member

Thanks for the reply guys I

  

213
Views
5
Helpful
5
Replies
CreatePlease to create content