Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4526
Views
15
Helpful
6
Replies

WLC radius fallback

Go to solution
jino_jacob
Level 1
Level 1

‎10-14-2014 05:17 AM - edited ‎07-05-2021 01:43 AM

Hi Folks, 

Just  a quick question about radius fallback feature.

So If i use active radius fallback with two radius servers on the WLC, How does the function relate when I choose to override the use of default servers in the WLAN?

In other words, will the radius fallback functionality work the same for client authentication when I configure a WLAN/SSID to override the default servers.

 

Thanks

Jino

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rasika Nayanajith
VIP
VIP

‎10-14-2014 01:21 PM

Hi Jino,

Radius fall-back feature allows WLC to fall-back to primary RADIUS when it recovered from a failure (without this feature WLC will keep use the backup RADIUS even primary is recovered from a failure). Below explain it & taken from 7.4 Config Guide

The primary RADIUS server (the server with the lowest server index) is assumed to be the most preferable server for the controller. If the primary server becomes unresponsive, the controller switches to the next active backup server (the server with the next lowest server index). The controller continues to use this backup server, unless you configure the controller to fall back to the primary RADIUS server when it recovers and becomes responsive or to a more preferable server from the available backup servers.

So If i use active radius fallback with two radius servers on the WLC, How does the function relate when I choose to override the use of default servers in the WLAN?

Whatever you configured under WLAN will take precedence over global RADIUS configured. So that WLAN will use primary, secondary RADIUS as you configured on that WLAN. RADIUS-Fallback will kick in only if primary RADIUS failed (secondary will handle RADIUS for that WLAN) & once recovered to handover the RADIUS to the primary.

 

HTH

Rasika

**** Pls rate all useful responses ****

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Rasika Nayanajith
VIP
VIP

‎10-14-2014 01:21 PM

Hi Jino,

Radius fall-back feature allows WLC to fall-back to primary RADIUS when it recovered from a failure (without this feature WLC will keep use the backup RADIUS even primary is recovered from a failure). Below explain it & taken from 7.4 Config Guide

The primary RADIUS server (the server with the lowest server index) is assumed to be the most preferable server for the controller. If the primary server becomes unresponsive, the controller switches to the next active backup server (the server with the next lowest server index). The controller continues to use this backup server, unless you configure the controller to fall back to the primary RADIUS server when it recovers and becomes responsive or to a more preferable server from the available backup servers.

So If i use active radius fallback with two radius servers on the WLC, How does the function relate when I choose to override the use of default servers in the WLAN?

Whatever you configured under WLAN will take precedence over global RADIUS configured. So that WLAN will use primary, secondary RADIUS as you configured on that WLAN. RADIUS-Fallback will kick in only if primary RADIUS failed (secondary will handle RADIUS for that WLAN) & once recovered to handover the RADIUS to the primary.

 

HTH

Rasika

**** Pls rate all useful responses ****

0 Helpful

Go to solution
jino_jacob
Level 1
Level 1
In response to Rasika Nayanajith

‎10-16-2014 03:26 AM

Hi Rasika, 

 

Thank you for your response. I think you answered my question.

Do you know if there is any command on the WLC to check which radius server is currently active for a WLAN. or is debug AAA my only option to find this?

BTW, I have found your blog very helpful, it has tons of good information :-)

Cheers!!!

Jino

 

0 Helpful

Go to solution
Dhiresh Yadav
Cisco Employee
Cisco Employee
In response to jino_jacob

‎10-16-2014 04:48 AM

Hi ,

 

No command to check...Only debug right now but I think people have requested for this.

 

Regards

Dhiresh

Go to solution
George Stefanick
VIP Alumni
VIP Alumni
In response to Dhiresh Yadav

‎10-16-2014 05:52 AM

One thing I do in the GUI to overcome this issue is I look at the radius stats under MONITOR->STATISTICS->RADIUS SEVER

I peek at the counters .. 

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Go to solution
jino_jacob
Level 1
Level 1
In response to George Stefanick

‎10-16-2014 07:59 AM

Hi George, Thats a good trick. Thanks.

0 Helpful

Go to solution
George Stefanick
VIP Alumni
VIP Alumni
In response to jino_jacob

‎10-16-2014 08:04 AM

Know that if you have multiple WLANs each using radius one WLAN can fallback to the back up and the other still stay on the primary. So you could see stats still going up on both. 



Glad I could help. Thank you for the rating ! 

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card