cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2364
Views
10
Helpful
4
Replies

C9800 - Radius Server Overwrite Interface

markus.forrer
Level 4
Level 4

Screenshot 2020-04-08 at 17.18.13.png

Does anyone know how to implement this feature on the C9800 ?
Need this for a PWLAN service where I have to source the radius request from the same interface as the clients are in...
At the moment the only way I see is to create this SSID for every interface It will be used

Best regards
Markus

4 Replies 4

On AireOS here is the CLI command

config wlan radius_server overwrite-interface enable <wlan_id>

 

It is not yet supported in IOS-XE (9800). You can use the below tool for config migration support 

https://cway.cisco.com/tools/WirelessConfigConverter/

 

HTH

Rasika

*** Pls rate all useful responses ***

Hi Rasika,
Thank you for the info. I guess the feature is still unavailable, right? Do you have any suggestion on its release date and/or version?

I do not know when this feature adding to IOS-XE, I would normally check release notes of upcoming IOS-XE releases (as of today it is 17.2.x)

 

HTH

Rasika

As the feature is still not here the following is a workaround for central switched wlan.

Define the Radius Server mutiple times with different source interface (require a L3 interface on the C9800

 

Interface Config:

interface Vlan10
description Radius Source Vlan 10
ip address 10.1.10.10 255.255.255.0

interface Vlan20
description Radius Source Vlan 20
ip address 10.1.20.10 255.255.255.0

 

Define Radius Server with the source interface

aaa group server radius RAD-VL10
server name RADIUS-SERVER
ip radius source-interface Vlan10

aaa group server radius RAD-VL20
server name RADIUS-SERVER
ip radius source-interface Vlan20

 

Define the authentication lists

aaa authentication dot1x AUTHC-RADIUS-VL10 group RAD-VL10
aaa authentication dot1x AUTHC-RADIUS-VL20 group RAD-VL20

 

Defne the same SSID multiple times with different radius authentication lists

wlan RADIUS-VLAN10 61 EXAMPLE-SSID
security dot1x authentication-list AUTHC-RADIUS-VL10

wlan RADIUS-VLAN20 62 EXAMPLE-SSID
security dot1x authentication-list AUTHC-RADIUS-VL20

Finally attach the right SSID to the Policy Profile

Hope this helps someone :)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: