Hello all, I'm currently doing a PoC with the 9800 controllers at the customer.
Which way/interface/network is used for the RADIUS authentication on the 9800-CL?
I have two 9800-CL under VMware in APSSO mode and the interfaces are configured:
-> Device Management interface: map it to the out of band management network.
-> assigned an IP to this interface, not switchport
-> IP assignment was done via the VMware OVA deployment wizard
-> Wireless Management interface: map it to your network to reach APs and services. Usually this interface is a trunk to carry multiple vlans
-> it's a trunk port and the vlans are assigned
-> vlan interface 98 is my mgmt for wireless mgmt
-> High Availability interface: map it to a separate network for peer to peer communication for SSO
-> it works..
I have seen on the NPS server that the request comes from gig1-ip-address, then sometimes from vlan-interface-wireless-mgmt-ip, in the HA scenario with the gig1-ip-address from the standby unit.
The default route is on the interface with vlan-wireless-mgmt-ip, and I can also reach the NPS server via ping.
Is it possible to fix the "way" for RADIUS requests?
On the WLAN which you have configured, see whether the *Radius server overwrite interface* is enabled or disabled.
If that is enabled, the RADIUS traffic will be via the interface IP address which is mapped to that WLAN. For example: if you have configured VLAN 98 with IP 10.1.10.10 for that specific WLAN, and you have then enabled the Radius server overwrite interface option, the interface IP 10.1.10.10 will be the NAS IP address.
If that is disabled, then the traffic will be through the management interface of the WLC.