Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Radius Authentication configure access points in flex connect mode

I would like to know how to configure the radius authentication if i configure access points in flex connect mode?


WLC is in main data center and different remote branches have AP's in different vlans than WLC in flex connect mode and  they are connected to main data center through WAN connection.

Radius server for client authentication is at main data center.

New Member

Hello Mohamedd!

Hello Mohammed!

You have several options for FlexConnect: local/central switching, local/central authentication.

In your case, i think, local swithing with central auth is fine. In this case AP send RADIUS request to WLC and WLC sent request to RADIUS server. But you can use local auth too. In this case AP will sent RADIUS request directly to RADIUS server. 

Step 1 Choose WLANs to open the WLANs page.

Step 2 Click the ID of the WLAN. The WLANs > Edit page appears.

Step 3 Click the Advanced tab to open the WLANs > Edit (WLAN Name) page.

Step 4 Select the FlexConnect Local Switching check box to enable FlexConnect local switching.

Step 5 Select the FlexConnect Local Auth check box to enable FlexConnect local authentication.

New Member

The radius servers are

The radius servers are configured under flexconnect groups which gets pushed to the flexconnect AP

Create a radius server on the WLC , note its index

Go to flexconnect group and map that index - radius server

WLAN mapped radius server will not get pushed to flex connect AP

New Member



if you choose central auth -> configure RADIUS server under SECURITY->AAA->RADIUS->authentication.

if you choose local auth -> configure RADIUS server under WIRELESS->FlexConnect Groups->[group]->General->AAA.

Important! You can configure also Local authentication on AP (RADIUS server on AP) is another option. WIRELESS->FlexConnect Groups->[group]->Local Authentication. It is different configuration. 

In summary, you have three option: configure central auth (through WLC), configure local external auth (AP send request to external RADIUS) and configure local internal auth (AP is a RADIUS server). 

CreatePlease to create content