Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

wlc works by authenticator server

Hi

In flex-connect local switching wlc work by authenticator server, or each ap contact the authentication server ?

I would like to hear your opinion I think the wlc works by autenticator in 802.1x, all client send in tunnel capwap 802.1x message to wlc that act like proxy.

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Re: wlc works by authenticator server

Yes and no. If you have created a FlexConnect Group, in there you specify the radius server and the shared secret so when communication is lost between the AP and the WLC, 802.1x authentication still works. If the WLC is up and the FlexConnect AP's are joined to the WLC, then the WLC sends the request to the radius server. So depends in if the FlexConnect is connected or standalone.

http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob73dg/ch7_HREA.html

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
2 REPLIES
Hall of Fame Super Silver

Re: wlc works by authenticator server

Yes and no. If you have created a FlexConnect Group, in there you specify the radius server and the shared secret so when communication is lost between the AP and the WLC, 802.1x authentication still works. If the WLC is up and the FlexConnect AP's are joined to the WLC, then the WLC sends the request to the radius server. So depends in if the FlexConnect is connected or standalone.

http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob73dg/ch7_HREA.html

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
Cisco Employee

Re: wlc works by authenticator server

There are different scenarios:-

1. Central Dot1X Authentication (Flex 7500 Acting as Authenticator)

2. Central Dot1X Authentication (FlexConnect APs Acting as Authenticator)

3. Local Authentication

Before the 7.0.98.0 code release, local authentication was supported only when FlexConnect is in Standalone Mode to ensure client connectivity is not affected during WAN link failure. With the 7.0.116.0 release, this feature is now supported even when FlexConnect access points are in Connected Mode.

4. Dot1X Authentication (FlexConnect APs Acting as Local-EAP Server)

Link:-

https://www.cisco.com/en/US/docs/wireless/controller/technotes/7.5/Flex_7500_DG.html

196
Views
0
Helpful
2
Replies
CreatePlease to create content