Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search instead for
Did you mean:
FlexConnect Local Auth. Usernames not showing in WLC/NCS
User is using local RADIUS servers at each of their many campuses (for local dynamic VLAN assignment), while using a single set of controllers at the core of their network.
A pair of 5508 controller in their central data center with 3602i APs around the various campuses. Also using FlexConnect groups to locally authenticate and switch the users.
Right now, the config is working great as far as authentication and local switching goes. The problem user experiencing is that none of the authenticated usernames are being passed back to the controller and ultimately NCS.
The problem user experiencing is that none of the authenticated usernames are being passed back to the controller and ultimately Cisco Prime Network Control System (NCS). This makes the tracking and troubleshooting of users difficult.
Experts believe this is normal, since the ap is the authenticator and traffic does not pass back to the WLC, so the WLC does not have that information unlike if the WLAN was centrally switched and the WLC was the authenticator.
if learn client ip enabled under the flexconnect section then we can see the client's ip when AP is on connected mode, also it grabs other info like snr and rssi using the capwap control channel, however the username info is part of radius transaction that goes off of capwap control channel and doesn't hit the controller when local auth is enabled on WLAN's advanced tab or local authentication on AP itself. However, it is always possible to send the username to wlc from AP once the AP have the info when AP on connected mode.It is a valid ask work with your AM to get this addressed.