Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

What interface does the WLC talk from for Radius Auth

I have the situation where I need to talk to multiple different Radius servers depending on the WLAN.  Some of the WLANs are not able to route traffic over my entire network, and within these secure areas the Radius server for that area sit.  Is there away that I can instruct the WLC to use its virtual interface to make the Radius Auth instead of using the WLCs Management interface?

Thanks

Randy Moore

Everyone's tags (2)
6 REPLIES
Hall of Fame Super Silver

Re: What interface does the WLC talk from for Radius Auth

The communication from the WLC and Radius uses the management ip of the wlc. Your defined AAA client in radius has to use the management ip... The VIP will not work.

Why wouldn't you have routing between the management and the subnet(s) your radius server is on?

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Re: What interface does the WLC talk from for Radius Auth

Hi Scott,


Thanks for the reply.  We have the setup we have as two companies in the middle of a JV and different support models/needs in a new office. I don't want to have two WLCs and APs throughout the building so we are doing 1 with different needs.... Due to the different support arrangements a PC from one legacy company is not allowed on the network of the others... Lot's of fun.

Thanks again for the help.

Randy

Hall of Fame Super Silver

Re: What interface does the WLC talk from for Radius Auth

It doesn't matter if the user WLAN does not route to your radius subnet(s)... It matters that your management ip routes to your radius subnet(s).

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Re: What interface does the WLC talk from for Radius Auth

To add to this ... If you have a WLC in the DMZ and you do say office extends or 802.1X in some flavor you would need to allow access from the radius server to the DMZ WLC managment address.

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________

Re: What interface does the WLC talk from for Radius Auth

Cant the "Radius Server Overwrite interface" feature be used here, where in the interface mapped to WLAN will be used to reach the RADIUS server

Thanks

NikhiL

Hall of Fame Super Silver

Re: What interface does the WLC talk from for Radius Auth

You can do vlan override... This will change the vlan a user will be placed on depending on what vlan id you specify on the radius server. The wlc has to have a dynamic interface on each of the vlans.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
1898
Views
4
Helpful
6
Replies