Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Local Authentication Only for Guest WLAN - Block RADIUS

Hi. I have two wlan's, one secure for employees, one open for guests.

The secure wlan is using radius to authenticate domain users. And the guest wlan is set to use web-auth.

I would like to limit access to the guest wlan to Only local accounts created on the controller. However, it falls back to the radius server when a local account doesn't exist.

Is there any way to block the radius fallback only for the guest wlan? Should I be looking to prevent this on the radius server, or can it be done on the WLC?

This is a 4404 WLC v4.1, and about 50 1130 AP's.

Thanks for any advice.

New Member

Re: Local Authentication Only for Guest WLAN - Block RADIUS

Well, I normally don't reply to myself, but I found a way to implement this.

By creating a bogus RADIUS server and setting it as the AAA server for the guest wlan only the local accounts are able to authenticate on the guest wireless network.

This is more of a RADIUS DOS, but it's working for me.