Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1482
Views
5
Helpful
4
Replies

Cisco NAS IP is SSID interface IP and not WLC IP

Go to solution
stealthmode
Cisco Employee
Cisco Employee

‎05-27-2014 12:28 AM - edited ‎07-05-2021 12:54 AM

Hi,

The radius packets are being dropped on my ISE deployment because the NAS IP is being detected as the SSID IP and not the IP of the WLC. I want the IP of the WLC to be the NAS IP because the WLC is what I've configured as the NAD in the ISE itself.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Christos Stefaneskou
Level 1
Level 1
In response to stealthmode

‎05-27-2014 12:17 PM

Hi,

Can you share your wlan config?

I think "radius server overwrite interface" option is checked.

You can find this option under wlan->security->aaa servers.

If so please uncheck the box and try again.

 

Regards

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni

‎05-27-2014 12:39 AM

You should use the NAS IP as Management interface IP of WLC.

 

Regards

0 Helpful

Go to solution
stealthmode
Cisco Employee
Cisco Employee
In response to Sandeep Choudhary

‎05-27-2014 01:00 AM

I have configured the management interface IP - 192.168.1.1 (from where I access the GUI) as the NAD in ISE.

 

The SSID interface IP is 192.168.7.1. Obviously, since this isn't configured as a NAD in ISE, the radius packets sourced from this IP are being dropped.

 

I have another SSID with IP 192.168.5.1, but in this case, the NAS IP mentioned in the ISE logs indicate the WLC Management IP which is perfectly fine and this is what should happen.

0 Helpful

Go to solution
Christos Stefaneskou
Level 1
Level 1
In response to stealthmode

‎05-27-2014 12:17 PM

Hi,

Can you share your wlan config?

I think "radius server overwrite interface" option is checked.

You can find this option under wlan->security->aaa servers.

If so please uncheck the box and try again.

 

Regards

0 Helpful

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to stealthmode

‎05-27-2014 12:28 PM

Hi,

Agree with Christos.

When you enable the Radius Server Overwrite Interface option, the WLC will source all radius traffic for a WLAN using the dynamic interface configured on that WLAN.

Remove and try again.

Regards

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card