Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

problem with Allow AAA override

I have a problem with the feature ?allow AAA override? on the 4402 controller. software version

The radius is configured to send an authenticated client to a Wlan Interface tagged with the number 401 ?w-managed?.

In the WLAN configuration (GUI) I attach the SSID to an ?interface name? that I configured to be a ?guest? interface tagged with the number 410, meaning if I don?t get authentication from the radius, the client will be redirected to that ?guest? interface.

The problem is, even if I get authentication from the Radius, the controller still take control of that redirection. This means that besides having the Wlan 401 indication on the Radius server, I still have to maintain the ?interface name? synchronized with the Radius configuration in order to put the authenticated client on the w-managed interface.

Meaning that, if I had the ?interface name? on the Wlan?s edit (controller 4402 GUI) different from the radius configuration, the controller is redirecting the client to the ?guest? interface.

Overriding the override feature (allow AAA override).


Having the check box on the allow AAA override, or don?t having the check box, the controller will always assume his configuration.

Sorry my grammatical, I hope tou can understand and give me a help.

Best Regards

Pedro Bernardino


Re: problem with Allow AAA override

When AAA Override is enabled, and a client has AAA and controller WLAN authentication parameters that conflict, client authentication is performed by the AAA (RADIUS) server. As part of this authentication, the operating system moves clients to a VLAN returned by the AAA server. This is predefined in the controller interface configuration.

CreatePlease to create content