Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

WLC radius fallback

Hi Folks, 

Just  a quick question about radius fallback feature.

So If i use active radius fallback with two radius servers on the WLC, How does the function relate when I choose to override the use of default servers in the WLAN?

In other words, will the radius fallback functionality work the same for client authentication when I configure a WLAN/SSID to override the default servers.

 

Thanks

Jino

 

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Purple

Hi Jino,Radius fall-back

Hi Jino,

Radius fall-back feature allows WLC to fall-back to primary RADIUS when it recovered from a failure (without this feature WLC will keep use the backup RADIUS even primary is recovered from a failure). Below explain it & taken from 7.4 Config Guide

The primary RADIUS server (the server with the lowest server index) is assumed to be the most preferable server for the controller. If the primary server becomes unresponsive, the controller switches to the next active backup server (the server with the next lowest server index). The controller continues to use this backup server, unless you configure the controller to fall back to the primary RADIUS server when it recovers and becomes responsive or to a more preferable server from the available backup servers.

So If i use active radius fallback with two radius servers on the WLC, How does the function relate when I choose to override the use of default servers in the WLAN?

Whatever you configured under WLAN will take precedence over global RADIUS configured. So that WLAN will use primary, secondary RADIUS as you configured on that WLAN. RADIUS-Fallback will kick in only if primary RADIUS failed (secondary will handle RADIUS for that WLAN) & once recovered to handover the RADIUS to the primary.

 

HTH

Rasika

**** Pls rate all useful responses ****

6 REPLIES
VIP Purple

Hi Jino,Radius fall-back

Hi Jino,

Radius fall-back feature allows WLC to fall-back to primary RADIUS when it recovered from a failure (without this feature WLC will keep use the backup RADIUS even primary is recovered from a failure). Below explain it & taken from 7.4 Config Guide

The primary RADIUS server (the server with the lowest server index) is assumed to be the most preferable server for the controller. If the primary server becomes unresponsive, the controller switches to the next active backup server (the server with the next lowest server index). The controller continues to use this backup server, unless you configure the controller to fall back to the primary RADIUS server when it recovers and becomes responsive or to a more preferable server from the available backup servers.

So If i use active radius fallback with two radius servers on the WLC, How does the function relate when I choose to override the use of default servers in the WLAN?

Whatever you configured under WLAN will take precedence over global RADIUS configured. So that WLAN will use primary, secondary RADIUS as you configured on that WLAN. RADIUS-Fallback will kick in only if primary RADIUS failed (secondary will handle RADIUS for that WLAN) & once recovered to handover the RADIUS to the primary.

 

HTH

Rasika

**** Pls rate all useful responses ****

New Member

Hi Rasika,  Thank you for

Hi Rasika, 

 

Thank you for your response. I think you answered my question.

Do you know if there is any command on the WLC to check which radius server is currently active for a WLAN. or is debug AAA my only option to find this?

BTW, I have found your blog very helpful, it has tons of good information :-)

Cheers!!!

Jino

 

Hi , No command to check..

Hi ,

 

No command to check...Only debug right now but I think people have requested for this.

 

Regards

Dhiresh

One thing I do in the GUI to

One thing I do in the GUI to overcome this issue is I look at the radius stats under MONITOR->STATISTICS->RADIUS SEVER

I peek at the counters .. 

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
New Member

Hi George, Thats a good trick

Hi George, Thats a good trick. Thanks.

Know that if you have

Know that if you have multiple WLANs each using radius one WLAN can fallback to the back up and the other still stay on the primary. So you could see stats still going up on both. 



Glad I could help. Thank you for the rating ! 

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
267
Views
15
Helpful
6
Replies