Solved: ## WLC TO RADIUS SERVER TO LDAP SERVER MONITORING ##

Sakthi vel · ‎10-08-2013

Dear All,

Our Wireless Setup is as below

Authentication : Radius

Clients will be Forwarding the Authentication request to ACS 5.3 Server and ACS 5.3 will forward the authentication to LDAP server

Here we have challenge of monitoring the Connectivity between WLC to ACS 5.3 and ACS 5.3 to LDAP (Authentication should be monitored)

ICMP monitoring is done already. But it won't provide the Logical Authentication with LDAP.

Request you to address this issue ASAP

Thanks & Regards,

Sakthivel M

Jatin Katyal · ‎10-12-2013

Hi Sakthivel,

For the WLC and radius connectivity and ensure it fallback to next available server. You may configure.

Active Mode

In active mode, when a server does not respond to the WLC authentication request, the WLC marks the server as dead, then moves the server to non-active server pool and starts sending probe messages periodically until that server responds. If the server responds, then the WLC moves the dead server to active pool and stops sending probe messages. In this mode, when an authentication request comes, the WLC always picks the lowest index (highest priority) server from the active pool of RADIUS servers.

The WLC sends a probe packet after timeout (default 300 sec) to determine server status in case the server was unresponsive earlier.

RADIUS Server Fallback Feature on Wireless LAN Controllers (WLC) Configuration Example

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008098987e.shtml#active

In ACS 5.3, while setting up LDAP servers, you have an option for secondary server. There is no probing mechanism but if it doesn't get reply from the first LDAP server in a specified time. It will start contacting the secondary server. So there is no typical mechanism to probe LDAP server within ACS.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

View solution in original post

Jatin Katyal · ‎10-12-2013

Hi Sakthivel,

For the WLC and radius connectivity and ensure it fallback to next available server. You may configure.

Active Mode

In active mode, when a server does not respond to the WLC authentication request, the WLC marks the server as dead, then moves the server to non-active server pool and starts sending probe messages periodically until that server responds. If the server responds, then the WLC moves the dead server to active pool and stops sending probe messages. In this mode, when an authentication request comes, the WLC always picks the lowest index (highest priority) server from the active pool of RADIUS servers.

The WLC sends a probe packet after timeout (default 300 sec) to determine server status in case the server was unresponsive earlier.

RADIUS Server Fallback Feature on Wireless LAN Controllers (WLC) Configuration Example

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008098987e.shtml#active

In ACS 5.3, while setting up LDAP servers, you have an option for secondary server. There is no probing mechanism but if it doesn't get reply from the first LDAP server in a specified time. It will start contacting the secondary server. So there is no typical mechanism to probe LDAP server within ACS.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

Sakthi vel · ‎10-13-2013

Dear Jatin,

Thanks alot

-- Sakthivel M

Jatin Katyal · ‎10-13-2013

Glad it answered your question.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin