09-06-2023 06:31 AM
I have been looking at a network that is already deployed and working. There is a single DNA node and two ISE nodes to authenticate Wireless clients. The AAA for device access is an external TACACS+ service (not ISE).
In the Design/Network Settings under AAA Server, only the 'Network' box is ticked and two AAA TACACS servers are defined. This is for admin access to the various switches and the WLC that DNA is managing. The 'Client/Endpoint' box isn't checked. On the same page but under the 'Wireless' tab I can see some SSID's defined with the AAA settings configured, but different servers (RADIUS obviously) to the 'AAA Server' on the 1st 'Network' page. I can't see where these RADIUS servers get configured in DNA.
09-06-2023 09:16 AM
what WLC Model ? these information may be coming from WLC when you sync the device ? ( aim in guess) - until you show the screenshot where you looking ?
09-06-2023 09:25 AM
Its a C9800 WLC. In the AAA settings for the SSID, the RADIUS servers appear in the drop-down list. The configuration on the C9800 WLC appears to be pushed from DNAC as the servers themselves are labelled 'dnac-radius_x.x.x.x' and the group is labelled 'dnac-rGrp-xxxxxxxx' where 'xxxxxxxxx' is the profile name. It really doesn't look like this was manually applied to the C9800 WLC.
09-08-2023 01:09 AM
Found it.... System, Settings, External Services, Authentication and Policy Servers
09-08-2023 02:36 AM
Cheers all good and glad that you found it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide