Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Backup RADIUS servers

Hi, I have a wireless configuration that works great for me. I have a small wireless network of 5 different offices with 5 AP's. I have all Cisco AP's using Microsofts IAS as my RADIUS server, and group policy to push out the wireless configurations to my windows clients.

What I'm wanting to do is make my secondary domain controller, my secondary IAS (RADIUS) server. I've configured my IAS settings on the secondary server identical to my primary DC. I need to know if what I'm looking at changing in my AP configuration will give me the results I'm looking for.

What I want to do is configure my access points so that if my primary domain controller goes offline, then my secondary controller will start authenticating to the AP's. I'm wondering if all I need to do is add the secondary server to my aaa radius server group. Or do I need to add it as the radius-server host, or both. Or is what I'm trying to do even possible with how I'm trying to do it?

Let me know if I need to provide any more information to make my goal or what I'm working with more clear.

Thanks,

Matt

4 REPLIES
Hall of Fame Super Gold

Re: Backup RADIUS servers

I'd add the second server IP Address to your aaa radius server group.

New Member

Re: Backup RADIUS servers

If that's all there is to it, then I'll test first thing tomorrow morning.

Thanks for the prompt reply!

Silver

Re: Backup RADIUS servers

Remember that you can use the "test aaa group" command to make sure that authentication to your backup server is working without having to break your primary link.

New Member

Re: Backup RADIUS servers

I couldn't get the "test aaa group" command to work correctly. Trouble with the profile portion I think. I just couldn't make it happy. I just got on when no one was connected to the wireless and disabled the IAS service on the primary DC and reloaded the AP. It came up fine and it broadcast fine. My test laptop however, wasn't able to log on to the network. As soon as I enabled the IAS service on my primary DC, it was able to log on to the network.

Is there a command that I can enter to verify how the AP was authenticated to the domain? It would be nice to make sure it is authenticating to the secondary IAS IP address.

Thanks for all your responses.

Matt

224
Views
0
Helpful
4
Replies
CreatePlease to create content