Cisco Support Community

WLC Multiple ACS Servers

I have a number of WLC using a Cisco ACS ver 4.2 on Windows and EAP TLS to authenticate Corporate WLAN clients from a back end domain.

Is there any way that, if the WLC gets an authentication fail from the primary ACS, it will attempt the secondary ACS?

This is not in the case of an ACS failure, but such as a certificate expiry on one of the ACSs.


Re: WLC Multiple ACS Servers

No, if the WLC gets a reject from one AAA it doesn't check the next server in the list.

If it gets no response it will check the next one.


HTH, Steve

Re: WLC Multiple ACS Servers


Just like Steve mentioned, if the authenticator (WLC in our case) receives a reply from the RADIUS server (either success or fail) it does not go to the second server in the list.

In your case, if there is an invalid certificate the authentication will fail and the primary server that receives the request will reply with Access-Reject. So, because the RADIUS server replies, the WLC just accepts that and declares success or fail to the end station.


Rating useful replies is more useful than saying "Thank you"

Re: WLC Multiple ACS Servers

Thanks, this is what I thought. I am now looking to see if I can tie the ACS process on the Windows server to the cert, so Windows will disable the ACS process if the current cert has expired.

As this is all this ACS is doing at the moment.
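
Added example, not part of the thread and not Cisco's code: a PowerShell watchdog for the approach described in the last post, which stops the RADIUS service once the EAP-TLS server certificate is outside its validity window so the WLC gets no response and moves to the next server. It assumes the server certificate has been exported to a file; `CertPath`, `ServiceName` and `GraceMinutes` are hypothetical parameters, and the service name must be confirmed with `Get-Service` on the ACS host.

```powershell
# Added example: tie the ACS RADIUS service to the validity of its EAP-TLS certificate.
param(
    [Parameter(Mandatory = $true)][string]$CertPath,     # exported server certificate (.cer); path is an assumption
    [Parameter(Mandatory = $true)][string]$ServiceName,  # ACS RADIUS service name; confirm with Get-Service
    [int]$GraceMinutes = 0                               # stop this many minutes before NotAfter
)

$ErrorActionPreference = 'Stop'

function Test-CertUsable {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [datetime]$Now,
        [int]$GraceMinutes
    )
    # NotBefore and NotAfter are returned in local time, as is Get-Date.
    return ($Now -ge $Cert.NotBefore) -and ($Now.AddMinutes($GraceMinutes) -lt $Cert.NotAfter)
}

try {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath
} catch {
    # An unreadable file is a monitoring fault, not proof of expiry: leave the service alone.
    Write-Warning "Cannot read certificate at ${CertPath}: $($_.Exception.Message)"
    exit 2
}

$svc = Get-Service -Name $ServiceName

if (Test-CertUsable -Cert $cert -Now (Get-Date) -GraceMinutes $GraceMinutes) {
    Write-Output "Certificate valid until $($cert.NotAfter); $ServiceName left as is ($($svc.Status))."
    exit 0
}

if ($svc.Status -ne 'Stopped') {
    Stop-Service -Name $ServiceName -Force
}
# Keep the service down across reboots until the certificate is renewed.
Set-Service -Name $ServiceName -StartupType Disabled

Write-Warning "Certificate NotAfter=$($cert.NotAfter): $ServiceName stopped and disabled."
exit 1
```

Run it from a scheduled task at a short interval; it does not re-enable the service, so after renewing the certificate set the startup type back and start the service by hand.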

