
## WLC TO RADIUS SERVER TO LDAP SERVER MONITORING ##

Sakthi vel
Level 1

Dear All,

Our wireless setup is as below:

Authentication: RADIUS

Clients will be forwarding the authentication request to the ACS 5.3 server, and ACS 5.3 will forward the authentication to the LDAP server.

Here we have the challenge of monitoring the connectivity from WLC to ACS 5.3 and from ACS 5.3 to LDAP (authentication should be monitored).

ICMP monitoring is done already, but it won't provide the logical authentication with LDAP.

Request you to address this issue ASAP.

Thanks & Regards,

Sakthivel M

Accepted Solution

Jatin Katyal
Cisco Employee

Hi Sakthivel,

For the WLC and RADIUS connectivity, and to ensure it falls back to the next available server, you may configure:

Active Mode

In active mode, when a server does not respond to the WLC authentication request, the WLC marks the server as dead, then moves the server to non-active server pool and starts sending probe messages periodically until that server responds. If the server responds, then the WLC moves the dead server to active pool and stops sending probe messages. In this mode, when an authentication request comes, the WLC always picks the lowest index (highest priority) server from the active pool of RADIUS servers.

The WLC sends a probe packet after timeout (default 300 sec) to determine server status in case the server was unresponsive earlier.

RADIUS Server Fallback Feature on Wireless LAN Controllers (WLC) Configuration Example

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008098987e.shtml#active

In ACS 5.3, while setting up LDAP servers, you have an option for a secondary server. There is no probing mechanism, but if it doesn't get a reply from the first LDAP server within a specified time, it will start contacting the secondary server. So there is no typical mechanism to probe the LDAP server within ACS.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin
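
A small model of the active-mode behaviour described in the accepted reply, added here as an illustration and not taken from the thread or from Cisco. The class, method and server names are hypothetical, the outage is constructed, and the model assumes one probe per timeout interval.

```python
PROBE_TIMEOUT = 300  # seconds, the default quoted in the reply


class ActiveModeWlc:
    """Toy model of WLC active-mode fallback (hypothetical names, not Cisco code)."""

    def __init__(self, servers, responds, timeout=PROBE_TIMEOUT):
        self.order = list(servers)   # list position = index; first = highest priority
        self.responds = responds     # responds(name, now) -> bool, stands in for the network
        self.timeout = timeout
        self.last_probe = {}         # dead server -> time it was marked dead or last probed
        self.events = []             # (time, "dead" | "restored", server), for a monitor to read

    def tick(self, now):
        """Probe each dead server once per timeout; a reply returns it to the active pool."""
        for name, last in list(self.last_probe.items()):
            if now - last >= self.timeout:
                if self.responds(name, now):
                    del self.last_probe[name]
                    self.events.append((now, "restored", name))
                else:
                    self.last_probe[name] = now

    def authenticate(self, now):
        """Try active servers in index order; return the one that answered, else None."""
        for name in self.order:
            if name in self.last_probe:
                continue             # non-active pool: skipped until a probe succeeds
            if self.responds(name, now):
                return name
            self.last_probe[name] = now
            self.events.append((now, "dead", name))
        return None


def run_scenario():
    """Constructed outage: acs-primary is unreachable from t=100 s to t=250 s."""
    def responds(name, now):
        return not (name == "acs-primary" and 100 <= now < 250)

    wlc = ActiveModeWlc(["acs-primary", "acs-secondary"], responds)
    chosen = {}
    for now in range(0, 600, 10):            # 10 s simulation step
        wlc.tick(now)
        if now in (0, 120, 260, 410, 430):   # client authentication attempts
            chosen[now] = wlc.authenticate(now)
    return chosen, wlc.events


if __name__ == "__main__":
    print(run_scenario())
```

In this constructed run the primary is reachable again at 250 s but is not selected until the probe at 420 s succeeds, so requests at 260 s and 410 s still go to the secondary.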

Dear Jatin,

Thanks a lot

-- Sakthivel M

Glad it answered your question.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin