Today we have created One new SSID without having any RADIUS server authentication.

Client is able to get IP address from this SSID and also they can access Network via these SSID.

So we have to use RADIUS server authentication, Can anybody suggest what will be the issue in configuration.

Thanks in Advance.

Is it possible to post both the SSID config by removing the ip and ssid name details?

Also is the authentication is getting successful while using Radius?

Are u using NPS or ISE as radius?

When i run test aaa show radius command i see the message below

Radius test request

Wlan-id...........................0

ApGroup Name...............none

No Radius Test Response.

We are using NPS as radius.

DHCP part will come post the successful authentication via Radius server. On the WLC go to monitoring ->Client- > Filter with MAC address of client and then click on client check what is the status of client whether its DHCP_Req or 802.1x req.

If its DHCP required please try to make this changes and see if its working. 

Option 1:

Check the DHCP proxy is enabled or not ? If its enabled. Make sure that DHCP IP address is configured on the Interface of clients in WLC. (Controller > Advanced > DHCP) Ref DHCP Proxy

Option 2:

Make the AP as Flexconnect from local. Enable the Flexconnect local switching option in SSID under advanced.

If DHCP addr. assignment is enabled on SSID please disable it. Also disable the DHCP proxy. 

If the status of client is 802.1x req. then you have to troubleshoot on authentication part.

This worked for me

Hello, 

We have 2 WLC in HA. We have used 4 ip addresses 

WLC 1:

Management IP : 10.-.-.126

Redundancy Management IP: 10.-.-.124

Peer Redundancy Management IP: 10.-.-.123

WLC 2:

Management IP: 10.-.-.125

Redundancy Management IP: 10.-.-.123

Peer Redundancy Management IP: 10.-.-.124

I would like to know whether the redundancy IP addresses play any role with Radius server? We have added both the management IP addresses of WLC's to communicate with my radius servers through my firewall. Is redundancy ip address also required? or they are used only between the 2 WLC's to check the health of each other.

As mentioned i have attached the config file. Please let me know if you want any more details.

No, Redundancy IP will not communicate for radius authentication. Also no need to add Both controllers IP address in Radius server. Radius request will be sent through the Management IP you are accessing, Secondary Controller also will have the Same Management IP post HA SSO enabled.

Please disable the DHCP Server and DHCP Address assigment option in SSID under advanced.  On the Interface of Management check whether DHCP IP address is configured or not ? If not please configure it. Check my another reply on the same post as well please.

Hope it will resolve your issue.

Hello, 

We Entered the Radius key again in the WLC and it resolved the problem. Thanks for your help.

Great!

If my response was helpful or resolved your issue. Please mark as solution and rate the same.