Solved: Which WLC IP is carried to Radius server during 802.1x authentication

anandpathak012 · ‎12-30-2018

Hi all,

Can you please help me in understanding as which IP is carried to the authentication server during 802.1x authentication.

I understand during any L2 authentication, WLC carries it's IP address to authentication server as the client is yet to receive an IP address, but how does it differ in case WLC is configured with SSO, does WLC carries it's ,management IP , Redundancy Management IP, or Peer Redundancy Management

Thanks,

Anand Pathak

ammahend · ‎12-31-2018

The controller sources RADIUS traffic from the IP address of its management interface unless the configured RADIUS server exists on a VLAN accessible via one of the controller Dynamic interfaces. If a RADIUS server is reachable via a controller Dynamic interface, RADIUS requests to this specific RADIUS server will be sourced from the controller via the corresponding Dynamic interface.

for SSO it should be Management VIP

I would also recommend reading this article, for per WLAN radius source options

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-2/config-guide/b_cg82/b_cg82_chapter_01100111.pdf

-hope this helps-

View solution in original post

ammahend · ‎12-31-2018

The controller sources RADIUS traffic from the IP address of its management interface unless the configured RADIUS server exists on a VLAN accessible via one of the controller Dynamic interfaces. If a RADIUS server is reachable via a controller Dynamic interface, RADIUS requests to this specific RADIUS server will be sourced from the controller via the corresponding Dynamic interface.

for SSO it should be Management VIP

I would also recommend reading this article, for per WLAN radius source options

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-2/config-guide/b_cg82/b_cg82_chapter_01100111.pdf

-hope this helps-