Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
627
Views
5
Helpful
4
Replies

WLC2504 Enabling AAA Auth and Acct without Adding Servers?

Go to solution
Matthew Martin
Level 5
Level 5

‎04-03-2019 11:21 AM - edited ‎07-05-2021 10:11 AM

Hello All,

 

I've noticed a few of our WLANs, that aren't used with out Cisco ISE server, seem to have the Authentication and Accounting Servers enabled under WLAN > Security > AAA Servers. But, they do not have any servers selected in the dropdown boxes beneath the checkboxes. See below:

 

WLAN_AAA-Servers.png

 

The CLI running-config shows the following for this WLAN:

Radius Servers
   Authentication................................ Global Servers
   Accounting.................................... Global Servers

I'm curious what the purpose of enabling this is without selecting Servers, and if this will actually do anything without first selecting AAA Auth and Acct servers from the dropdown boxes?

 

Thanks in Advance,

Matt

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Haydn Andrews
VIP Alumni
VIP Alumni

‎04-03-2019 03:10 PM

If you have AAA Auth and Accounting ticked on the WLAN and have not defined any servers the WLAN will use the Global AAA servers defined under the Security>AAA>RADIUS>Authentication/ Accounting 

section of the WLC.

 

If RADIUS servers are mapped per WLAN, then controller do not use RADIUS server from the global list on that WLAN

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/aaa_administration.html

 

 

*****Help out other by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***

View solution in original post

4 Replies 4

Go to solution
Haydn Andrews
VIP Alumni
VIP Alumni

‎04-03-2019 03:10 PM

If you have AAA Auth and Accounting ticked on the WLAN and have not defined any servers the WLAN will use the Global AAA servers defined under the Security>AAA>RADIUS>Authentication/ Accounting 

section of the WLC.

 

If RADIUS servers are mapped per WLAN, then controller do not use RADIUS server from the global list on that WLAN

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/aaa_administration.html

 

 

*****Help out other by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***

Go to solution
Matthew Martin
Level 5
Level 5
In response to Haydn Andrews

‎04-04-2019 09:39 AM

Hey Haydn, thanks for the reply.

 

Ok, so it will just use whatever is defined under Security > AAA > RADIUS > Accounting/Auth servers list, if enabled and no servers are selected. Instead of specifically using the servers I choose (*in the order I chose them), it'll just use any servers defined under AAA Radius Acct/Auth server's list, correct?

 

-Matt

 

 

0 Helpful

Go to solution
Haydn Andrews
VIP Alumni
VIP Alumni
In response to Matthew Martin

‎04-04-2019 03:28 PM

Correct if you define them under the WLAN it will use them in that order. I believe if no luck with them will also use anything in the global list.

If nothing defined then will use the global list, not sure if it does it in any order

*****Help out other by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***
0 Helpful

Go to solution
Matthew Martin
Level 5
Level 5
In response to Haydn Andrews

‎04-05-2019 09:35 AM

Thanks Haydn, much appreciated.

As a side note, I did see Start/Stop/Interim-Update Accounting messages for this WLAN on our ISE servers, which are the RADIUS Acct/Auth servers that I have configured for a few other WLANs.

Thanks Again,
Matt
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card