Flexconnect authentication with radius server in remote site
Hi guys, I will give a description of the current FlexConnect setup. We have APs both in FlexConnect mode in remote offices and in Local mode in the head office. The WLAN SSID is the same in both remote and head office (the SSIDs are enabled with FlexConnect). The SSID authentication for head office users is configured with a Windows 2008 RADIUS server added in the WLC, and the IP address of the RADIUS server is given under WLAN->Security->AAA server.
The remote office APs are added in FlexConnect groups, and the primary and backup RADIUS servers are given in them. The primary and backup RADIUS servers given inside the FlexConnect group are locally available servers in the remote office.
Now the problem: currently all the remote office users are also getting authenticated from the head office RADIUS server. While the head office is unavailable, they use the FlexConnect group RADIUS server. I want the remote office users to authenticate from the RADIUS servers defined in the FlexConnect groups as primary, and fall back to local authentication in the AP if the remote office RADIUS server becomes unavailable. How to achieve this?
That should happen perfectly. What is your WLC version? In earlier versions of FlexConnect like 7.2, you would define the RADIUS servers on the AAA page and then select them inside the flex groups.
In later versions like 7.4, you can define a new local site RADIUS server in the FlexConnect group, primary and secondary with shared keys. Go to the flex AP console to see if those are pushed. Now you have added the AAA RADIUS server in the AAA client, but have you also configured the AAA client, i.e. the flex APs, in the local RADIUS server?
> Is the SSID configured for Flex local auth and Flex local switching under the Advanced tab?
Hi Dhiresh, I tried the same again today. The remote APs are using the remote RADIUS server for auth when the controller becomes unreachable for them. And once the controller connectivity is back for the APs, they switch back to central authentication. But this has not solved my problem of primary auth from the remote RADIUS server. Still checking for some way to prioritize the RADIUS server from the FlexConnect groups.
Thank you, Arjun