
New Member

RADIUS query with different interface than Management

Hi there,

I am currently setting up a wireless controller which is to service several SSIDs which are mapped to physically separated LANs.

So far there has been no problem in doing the config.

However I discovered later that for each SSID a separate RADIUS server has to be queried, which are also in physically separated networks and where no routing exists/will exist.

Now my question is, if there is any possibility to somehow tell the WLC to use a different source interface in order to enable the usage of

RADIUS Server 1 on Network A for SSID A and to use

RADIUS Server 2 on Network B for SSID B.

Regards,

Patrick

1 ACCEPTED SOLUTION
New Member

Re: RADIUS query with different interface than Management

I just stumbled upon what might be the solution in this case.

Under WLAN Edit page for a SSID under Security -> AAA Servers there is a checkbox called

"Radius Server Overwrite interface".

All RADIUS requests are sent out on the dynamic-interface this SSID is mapped to.

I'll test this and will get back with the results.

11 REPLIES
Cisco Employee

RADIUS query with different interface than Management

Go to WLAN Edit page >> Layer 2 >> AAA servers >> Radius Server Priority >> Select whatever Radius Server u wanna map to that WLAN.

Please don't forget to rate the useful posts!!

Regards

Surendra

New Member

RADIUS query with different interface than Management

Hi Surendra,

the selection of the RADIUS server is not the problem. My problem is the source interface the WLC takes in order to send the query to the server. It is always the Management interface.

If I would configure the management interface with an IP from Network A it will not be able to send the query to the RADIUS server in Network B since the networks themselves cannot see each other.

I would like to know if there is somehow a possibility to allow a different RADIUS source interface e.g. allow a dynamic interface.

Regards,

Patrick

Re: RADIUS query with different interface than Management

It's way past my bed time. But wanted to throw this out there and maybe you could test it .. You can add routes in the wlc. But you would need a static coming back ...

I don't see any other way around it ... Cause u are right ... Wlc uses the management address ...

Sent from Cisco Technical Support iPad App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
New Member

Re: RADIUS query with different interface than Management

I already considered the routing, when we ordered the WLC.

I should have added that it is a 2500 series controller, sorry. They don't support the routing feature.

Funnily, when connecting to CLI I can issue the command show route summary.

To be honest I cannot understand, why it is not implemented.


Re: RADIUS query with different interface than Management

What code are you on?

Re: RADIUS query with different interface than Management

I am not all that surprised because the smaller WLCs lack some features, but I am surprised it doesn't support routing! LOL
New Member

Re: RADIUS query with different interface than Management

I tested the feature and authentication requests via the dynamic-interface were successful when enabling this feature.

@George: We run the latest code 7.0.116.0, which must be the first where this feature got introduced. I don't recall seeing it in 7.0.98.0.

However the explanation of this feature is found in the documentation of WCS. Not a single mention in the WLC documentation.

Regarding the routing feature. I have tested it also on a 5508 WLC. As soon as you try to define a gateway, which is not in the service-port subnet you'll get an error, which is effectively the same problem.

But as the "Radius Server Overwrite interface" feature does exactly what I needed, this issue is solved.
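
A server-side check for the behaviour confirmed above, as an added example that is not part of the original thread: it parses a RADIUS Access-Request and verifies that the packet's source address lies in the subnet of the dynamic interface its SSID is mapped to. The subnets, the SSID names and the `<AP MAC>:<SSID>` Called-Station-Id format are assumptions made for the example.

```python
import ipaddress
import struct

# Constructed expectation: requests for each SSID must arrive from the subnet
# of the dynamic interface that SSID is mapped to (values are assumptions).
EXPECTED_SOURCE = {
    "SSID-A": ipaddress.ip_network("10.1.0.0/24"),
    "SSID-B": ipaddress.ip_network("10.2.0.0/24"),
}
ACCESS_REQUEST = 1        # RADIUS packet code (RFC 2865)
CALLED_STATION_ID = 30    # RADIUS attribute type (RFC 2865)


def parse_attributes(packet: bytes) -> dict:
    """Return {attribute type: raw value} from a RADIUS Access-Request."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Request")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(a_type, packet[pos + 2:pos + a_len])
        pos += a_len
    return attrs


def check_source(src_ip: str, packet: bytes) -> str:
    """Classify one request: 'ok', 'wrong-interface' or 'unknown-ssid'."""
    attrs = parse_attributes(packet)
    called = attrs.get(CALLED_STATION_ID, b"").decode("ascii", "replace")
    ssid = called.rpartition(":")[2]  # assumes "<AP MAC>:<SSID>"
    network = EXPECTED_SOURCE.get(ssid)
    if network is None:
        return "unknown-ssid"
    return "ok" if ipaddress.ip_address(src_ip) in network else "wrong-interface"


def build_request(ssid: str) -> bytes:
    """Build a constructed Access-Request carrying only Called-Station-Id."""
    called = f"00-11-22-33-44-55:{ssid}".encode()
    attrs = bytes([CALLED_STATION_ID, len(called) + 2]) + called
    return struct.pack("!BBH", ACCESS_REQUEST, 1, 20 + len(attrs)) + bytes(16) + attrs
```

A "wrong-interface" result for an SSID means its requests are still leaving from another interface, such as the management interface, and the RADIUS server's client entry would have to match that address instead.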

RADIUS query with different interface than Management

The route commands on the WLC are for forcing traffic out of the service port. I wouldn't generally recommend using these unless you absolutely had to force traffic out the service-port to get OOB management working.

HTH,

Steve

----------------------------------------------------------------------------------------------------------

Please remember to rate helpful posts or to mark the question as answered so that it can be found later.


RADIUS query with different interface than Management

Is that right? So any static routes added in the WLC will go out the service port?

RADIUS query with different interface than Management

Yes, sir.

Command Reference

It's been that way, as long as I can remember, which goes back to 3.2...god I feel old

HTH,

Steve
