Re: Cisco AireOS WLC - Radius DNS Parameters

jegan_rajappa · ‎01-18-2020

I am exploring options to use DNS load-balancing for radius authentication, I am seeing very limited information in configuration guide, hence posting this question in cisco support community.

Here is the question: I am able to configure Radius DNS parameters in AireOS WLC (Screenshot 1), but I done see options to map radius server in WLAN AAA Servers (Screenshot 2), please advise

Screenshot 1

Screenshot 2

Scott Fella · ‎01-18-2020

The place you define that is a global setting and is used when wlan aaa is not defined. There is no support for dns radius on the wlan just strict ip. You can load balance behind a load balancer where the LB but the controller only does primary, secondary, etc.

-Scott
*** Please rate helpful posts ***

jegan_rajappa · ‎01-19-2020

Thanks Scott.

I have one more question now.

In WLC DNS timeout can be setup between 1 to 180 days, so WLC will send all the radius access-request to the IP the name (ise-radius.test.local) resolves and it uses the same IP until DNS timeout occurs.

How does WLC do failover (Trying to resolve DNS name again) when first IP is unreachable ?

Note:

I am planning to use InfoBlox DTC to make DNS load balancing (active/passive), until first IP is available DTC will resolve ise-radius.test.local to first IP, once first IP is unavailable DTC will resolve to second IP

Scott Fella · ‎01-19-2020

Not many use this but if you plan on using this feature, you have a single FQDN and you manage the servers ip’s behind that FQDN. The timeout is similar to the others but in this feature it’s how often the queries are updated. Here is a link to that feature, but you possible may want to test this in a lad setup to make sure it’s working how you want it to work.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/aaa_administration.html

-Scott
*** Please rate helpful posts ***