06-04-2012 01:09 PM - edited 07-03-2021 10:14 PM
Lets say i have a 5508 wlc and have configured a wlan with web-auth and radius authentication
The one and only configured radius server goes offline. In the event this should happen, is it possible to allow clients to connect anyway? auth none as secondary?
Appreciate any thoughts
Solved! Go to Solution.
06-04-2012 01:32 PM
Chris,
No, unfortunately not. Once you select 802.1X (Radius) you are bound to that security type. The controller will not allow NON EAP traffic on that WLAN unless it gets a EAP SUCCESS frame. The EAP success frame from the radius is sent to the WLC and it tell the WLC to open the controlled port to allow traffic to pass.
Top of my head alternatives:
You might consider another SSID with the same name with a OPEN security. Manually enable after failure of radius server
.
Create the user accounts on the WLC and allow the WLC to act as your radius server.If you have a large environment may not be realistic.
06-05-2012 11:33 PM
#webauth and radius uses pap/chap/md-5, however conditional and splash page web redirect uses dot1x.
#You can fallback between Local/Radius/LDAP for webauth based on priority order for web-auth user
In your case you can set webauth priority as Radius, Local.
06-04-2012 01:32 PM
Chris,
No, unfortunately not. Once you select 802.1X (Radius) you are bound to that security type. The controller will not allow NON EAP traffic on that WLAN unless it gets a EAP SUCCESS frame. The EAP success frame from the radius is sent to the WLC and it tell the WLC to open the controlled port to allow traffic to pass.
Top of my head alternatives:
You might consider another SSID with the same name with a OPEN security. Manually enable after failure of radius server
.
Create the user accounts on the WLC and allow the WLC to act as your radius server.If you have a large environment may not be realistic.
06-05-2012 11:33 PM
#webauth and radius uses pap/chap/md-5, however conditional and splash page web redirect uses dot1x.
#You can fallback between Local/Radius/LDAP for webauth based on priority order for web-auth user
In your case you can set webauth priority as Radius, Local.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide