Cisco Support Community
New Member

Radius selection order in WLC

Hi,

I am a bit confused as to how RADIUS servers are selected in a WLC.

The Cisco Controller Docs AND built-in WLC Help both are VAGUE.

For security, I was expecting a doc that would show the complete selection logic and defaults, so that we can completely understand the selections available!!

My Question is :-

In a case where Network Users and WLANs use 802.1x in any form (i.e. Static WEP+802.1x / 802.1x / WPA+WPA2 with 802.1x for key)

A. If I do not select any servers under WLAN->Security->AAA, but have 17 RADIUS servers defined,

   then will the system cycle through the 17 servers that can be defined, but only those with NETWORK USER checked?

B. If I select only 1 server under WLAN->Security->AAA and that server did NOT have the "NETWORK USER" option checked,

   B1. Will the WLC use that server?

   B2. Will it stop looking for more servers if that is not found?

   B3. Will it then fall back to Local Net Users? (Even if local EAP is not checked)

   B4. Or fall back to Local EAP if set?

C. Also, what is the role of the 3 LDAP servers that can be selected on WLAN->Security->AAA?

   C1. Is it to limit the LDAP servers for Local EAP, which **HAVE** LDAP as one of the listed methods for user auth in the priority?

   C2. Or is it for Web Auth AND Local EAP?

Thanks

1 REPLY
Cisco Employee

Re: Radius selection order in WLC

You may refer to the doc listed below.

Look under the section:

Choose the AAA Servers tab. From the Authentication Servers (RADIUS) drop-down menu, choose the appropriate RADIUS server. This server is used to authenticate the wireless clients.

http://www.ciscounity.info/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080665d18.shtml#c2

The below listed doc demonstrates how to configure the RADIUS server fallback feature with Wireless LAN Controllers (WLCs).

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008098987e.shtml


Local EAP is supported by LDAP server as its backend database to retrieve user credentials. Also, LDAP only supports the following EAP methods. It doesn't support PEAP with MSCHAP v1/v2.


EAP-FAST/GTC

EAP-TLS

PEAPv1/GTC.


For more info, please visit the below mentioned link:


Local EAP Authentication on the Wireless LAN Controller with EAP-FAST and LDAP Server Configuration Example

http://cisco.biz/en/US/products/ps6366/products_configuration_example09186a008093f1b9.shtml


HTH

JK



~BR Jatin Katyal **Do rate helpful posts**