Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

WCS question

Guys currently we have one ACS server for all wirless authentication.....we are putting another one for redundancy....i will be config replication from primary to secondary.....while i was suring arojund in WCS i have noticed that when adding another authentocation server it asked abt shared where i can find that in ACS....or shd i copy and past the exsisting one from primary ACS.......guys i am stuck plz help me


Re: WCS question

Follow the config guide:

You need to add the WCS server as a AAA client on the Network Configuration

This should resolve your question

Community Member

Re: WCS question

Thanks for your prompt i will explain bit more as reading the doco didnt solve my problem.....the WCS server which i connect through web has all access point listed all over country's it has a list.....they all do authentication from ACS primary which authntoicate them with windows i went to primary ACS server all the Access point are listed but the server address is not there from which i can add things for all Acesss points so i guess it a managment i will be putting redundant ACS i have already installed the server and as recommended by cisco i have already ping all the access point across and it works now when i will do replication i will get all the info from primary ACS server......i am thinking plz correct me if i am wrong i will add secondry ACS in authentication list servers in WCS and will apply to all of the wirless access points am i right or wrong???? there when i was making a second templete it ask abt password and shared secret what shd i put in.....swhd i copy from primary ACS which is already present in WCS and paste it in secondaty as well???? i am confuse abt this plesase help me out thanks

Re: WCS question

okay this is completely unrelated to WCS.

You need to configure the ACS server on the WLC GUI, not the WCS.

Yes you can add the secondary ACS if there is such option on the WLC, in that case, when the primary ACS is down, the other one will be used.

Re: WCS question

Your WLC's must be configured to use the secondary ACS server. This is a configuration change you can make directly via the WLC gui (go to Security -> AAA -> RADIUS -> Authentication). You can also make the changes via WCS via Configure -> Controllers -> -> Security -> AAA.

Don't confuse this with WCS screens about RADIUS/TACACS you will see by going to Administration -> AAA.

The new ACS server must also be configured to accept RADIUS authentication requests from the WLC's, which will be in the Network Configuration -> AAA Clients.

RADIUS authentication requests coming to ACS from a WLC are hashed (weakly encrypted) with the shared secret. Therefore, the shared secret for the RADIUS server (ACS Server) you configure on the WLC must match the shared secret you configure for the AAA Client (the WLC) configured on the ACS server. Think of the shared secret as something like a WEP key - it has to be the same on each end of the conversation. YOU determine the shared secret.

Community Member

Re: WCS question

Thanks for your reply.....Now i am adding a secondry ACS server which will get shd i copy the shared secret in WLC (primary one) and paste it to the secondary one as secondary will copy everything from primary....will that work??? thanks

Re: WCS question

Yes that will work.

Don't forget to add the secondary ACS in the WLC

CreatePlease to create content