Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Radius Fallback Option Cisco WLC 2504


I have cisco WLC 2504 I configure two windows Radius server on that wlc. Both Radius server working fine, But when primary radius server down. Secondary not comes up. Please help me out when my primary radius server goes down how automatically secondary comes up. Fallback mode passive, Active & off  which one should I select  it;s ask username what is the meaning of username. Where I get this username. 




Rahul Wankhade



Hi Rahul,I hope below link

Hi Rahul,

I hope below link clearly explains your answer.

To summaries

There are three modes to fall back:

Off - no fallback

Passive - WLC sends the credentials to the 'dead' server when a user tries to authenticate

On - You configure a username and an time interval.  WLC sends the credentials to the 'dead' server at configured interval.

The password is not really checked here and all WLC is checking is whether it is getting any response back.  So getting a reject back from the server would bring it back 'alive' in the AAA list.

Hope that helps.



New Member

Dear Najaf, Thanks for your

Dear Najaf,


Thanks for your mail, But I am not understand username can I use anything in the wlc. Which one fallback 

option recommended. 


Hi Rahul,My recommendation

Hi Rahul,

My recommendation would be active.

When you enable active fallback you get an option to specify a username. You can enter your own username or leave it with the default. The default username is “cisco-probe”. Because this username is used to send probe messages, you do not need to configure any password.

Hope that helps.



Please rate when applicable or helpful !!!

 a. Choose Security > AAA >


a. Choose Security > AAA > RADIUS > Fallback to open the RADIUS > Fallback Parameters to open the fallback parameters page.


b. From the Fallback Mode drop-down list, choose one of the following options:

Off—Disables RADIUS server fallback. This is the default value.

Passive—Causes the controller to revert to a server with a lower priority from the available backup servers without using extraneous probe messages. The controller ignores all inactive servers for a time period and retries later when a RADIUS message needs to be sent.

Active—Causes the controller to revert to a server with a lower priority from the available backup servers by using RADIUS probe messages to proactively determine whether a server that has been marked inactive is back online. The controller ignores all inactive servers for all active RADIUS requests. Once the primary server receives a response from the recovered ACS server, the active fallback RADIUS server no longer sends probe messages to the server requesting the active probe authentication.

CreatePlease login to create content