Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

WLC radius discussion

   Hi all,

I have a mixed setup of WLC and autonomous AP in my network architecture. In our setup all wireless clients passes through mac authentication and then user id/password  authentication. I want for mac authentication request should go to ACS server 1   while for user credential verification the request should go to server2 . In auto nomous AP i can achieve the requirement with folowing configuration.

aaa group server radius rad_eap

server 172.X.Y.103 auth-port 1812 acct-port 1813

aaa group server radius rad_mac

server 172.X.Y.104 auth-port 1812 acct-port 1813

aaa authentication login mac_methods group rad_mac

aaa authentication login eap_methods group rad_eap

radius-server host 172.X.Y.103 auth-port 1812 acct-port 1813 key 7 120A0D16190E2C0C2B25201F6231361B2921

radius-server host 172.X.Y.104 auth-port 1812 acct-port 1813 key 7 0448030704246C4608170120430F180C041C

By the above configuration in AP I can send the mac auth request to 172.X.Y.104 server and EAP authentication to 172.X.Y.103 server.

How ever I want to do the same on my WLC also.

Can anyone guide me how to do the same in GUI or through command line?

Everyone's tags (1)
1 REPLY
Cisco Employee

Re: WLC radius discussion

If you want to do MAC filtering on one WLAN and standard 802.1x on another you can select which RADIUS server to use is the Security tab -> AAA Servers of each WLAN. To do both on the same WLAN there is no functionality on the WLC to allow you to split the roles the way you want to. Sorry.

-Eric

Cisco Wireless TAC

Sent from Cisco Technical Support iPhone App

367
Views
0
Helpful
1
Replies