Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

two different radius authentication methods on one guest wlan

I would like to use two different radius servers to one guest wlan.

One radius server is the Cisco NAC guest server, but I would like to use e.g. a RSA SecurID server as the second.

If the user does not exsist on the NAC guest server, the wlc should check the RSA server.

As I understand the servers mentioned under the layer 3 config tab on the wlan configuration tab is doing round-robin.

Is there any way that I can implement this?

Best regards,

Steffen Lindemann

2 REPLIES
Gold

Re: two different radius authentication methods on one guest wla

This could be difficult. The controller will send requests to the configured primary server until it is unavailable, then it would try the secondary. If the first one sends back an access-reject the controller would never send a request to the secondary server.

Community Member

Re: two different radius authentication methods on one guest wla

Is there anything on the roadmap for the NAC guest server to use AD as an external database?

It seems like it shouldn't be too difficult since the server is already using AD to map sponsor roles.

We really would prefer to use a single SSID instead separate SSIDs for guest and domain accounts.

Thanks in advance!

508
Views
0
Helpful
2
Replies
CreatePlease to create content