
Radius DNS

geeyc5113
Level 1

Hi,

 

Does anyone have an idea what Radius DNS in WLC is? What is the function of this? I have gone through the documents from Cisco; none of the documents describe it clearly with an example of Radius DNS. Most of the documents just tell you how to configure it.


marce1000
VIP

 

 - As far as I understand this only relates to specifying the DNS name(s) of the intended radius servers for a particular WLAN.

M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

patoberli
VIP Alumni
Where exactly did you find this option? Maybe a screenshot would be helpful.

Hi, here it is: radius dns.png

Now I remember it.
Here is the explanation from the manual:
RADIUS DNS
You can use a fully qualified domain name (FQDN) that enables you to change the IP address when needed, for example, for load balancing updates. A submenu, DNS, is added to the Security > AAA > RADIUS menu, which you can use to get RADIUS IP information from a DNS. The DNS query is disabled by default.

Source: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/aaa_administration.html

And here is the more detailed explanation (also same link):

Step 29
Specify the RADIUS DNS parameters as follows:
Note: IPv6 is not supported for RADIUS DNS.
Choose Security > AAA > RADIUS > DNS. The RADIUS DNS Parameters page appears.
Check or uncheck the DNS Query check box.
In the Port Number text box, enter the authentication port number. The valid range is 1 to 65535.
The accounting port number is an increment of 1 of the authentication port number. For example, if you define the authentication port number as 1812, the accounting port number is 1813. The accounting port number is always derived from the authentication port number.
From the Secret Format drop-down list, choose the format in which you want to configure the secret. Valid options are ASCII and Hex.
Depending on the format selected, enter and confirm the secret.
Note: All servers are expected to use the same authentication port and the same secret.
In the DNS Timeout text box, enter the number of days after which the DNS query is refreshed to get the latest update from the DNS server.
In the URL text box, enter the fully qualified domain name or the absolute domain name of the RADIUS server.
In the Server IP Address text box, enter the IP address of the DNS server.
Click Apply.

"You can use a fully qualified domain name (FQDN) that enables you to change the IP address when needed, for example, for load balancing updates. A submenu, DNS, is added to the Security > AAA > RADIUS menu, which you can use to get RADIUS IP information from a DNS."

 

From the statement, actually I still don't know what the purpose of the Radius DNS is. Is there any example?

I sadly don't have an example. I think though, the reason is the traditional Radius configuration. So far it's only possible to configure the Radius with the IP address of the server, not a hostname. I think this feature here would allow you to configure an additional radius server, but this time with a hostname instead of an IP address. For example if your Radius is load-balanced with a hostname or maybe a cloud based solution, where the IP address could change.

But this is just guesswork on my side, I've never actually used this feature, nor have I found a more comprehensive guide.
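
A small model of what the quoted manual text describes, as an added example that is not part of the thread and is not Cisco's code: one FQDN is resolved to several IPv4 RADIUS servers, each gets the same authentication port with the accounting port derived as port + 1, and the name is re-queried after the DNS Timeout in days. The host name, addresses, function names and the `unexpected_servers` check are assumptions made for illustration.

```python
import ipaddress
import socket
from datetime import datetime, timedelta

# Constructed sample DNS answers (documentation address ranges), so this runs offline.
SAMPLE_ANSWERS = {"radius.example.net": ["192.0.2.10", "192.0.2.11", "2001:db8::10"]}

def sample_resolver(fqdn):
    return SAMPLE_ANSWERS.get(fqdn, [])

def system_resolver(fqdn):
    # Live lookup through the host's resolver (IPv4 only); the WLC instead
    # queries the DNS server entered in "Server IP Address".
    return socket.gethostbyname_ex(fqdn)[2]

def build_radius_servers(fqdn, auth_port, timeout_days, resolver, now):
    """Expand one FQDN into RADIUS server entries, following the quoted manual text."""
    if not 1 <= auth_port <= 65535:
        raise ValueError("authentication port must be in 1..65535")
    servers = []
    for addr in resolver(fqdn):
        if ipaddress.ip_address(addr).version != 4:
            continue  # IPv6 is not supported for RADIUS DNS
        # Every resolved server shares the port pair (and the one secret).
        servers.append({"ip": addr, "auth_port": auth_port, "acct_port": auth_port + 1})
    return {"fqdn": fqdn, "servers": servers,
            "refresh_at": now + timedelta(days=timeout_days)}

def needs_refresh(state, now):
    """True once the DNS Timeout (in days) has elapsed and the name must be re-queried."""
    return now >= state["refresh_at"]

def unexpected_servers(state, approved_ips):
    """Added check (assumption): resolved IPs outside the set you expect."""
    return [s["ip"] for s in state["servers"] if s["ip"] not in approved_ips]

if __name__ == "__main__":
    state = build_radius_servers("radius.example.net", 1812, 1,
                                 sample_resolver, datetime(2024, 1, 1))
    for s in state["servers"]:
        print(s)
    print("unexpected:", unexpected_servers(state, {"192.0.2.10"}))
```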

