What do you do if your ACS server is down and your clients authenticate wit

Chuck Smith
Level 1

OK, so I am setting up a wireless network that is going to have about 500 APs on it. There are about 30 at each remote location. I want to use LEAP for authentication. If the WAN connection at a site goes down or, worse, the ACS server is dead, how can clients authenticate until the server comes back up? I have fully configured WDS at each site and also have a WLSE server. Is there a caching system built into any of these systems?

1 Reply

ggehle
Level 1

There is no user authentication credential caching. If the WAN link is down and you don't have a local ACS, then users won't be able to authenticate. However, an alternative is to run some other RADIUS service (such as Microsoft's IAS) if you have local DCs (assuming you are a Windows shop) at your remote locations. IAS is a decent fallback RADIUS server.

As for a down ACS, I would seriously consider a secondary one to provide some redundancy. I have four: 2 for most of our remote sites to use, 1 at our largest site in North America, and 1 in South America. With that much redundancy, I can take down any of the ACS servers for maintenance/upgrades, and the users don't notice.

Also, on my network I have taken the approach that if the WAN link is down, users not being able to authenticate to wireless is a moot issue since many of our apps are hosted centrally and a down WAN link means even the wired users are down.
