Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
889
Views
5
Helpful
2
Replies

9800 - 802.1x Fallback (Critical Services)

Aileron88
Level 1
Level 1

‎11-01-2022 03:43 AM

Hi,

Is there any way, using the Catalyst 9800 WLC's to configure a critical access policy to enable clients that authenticate with 802.1X to access the network when the RADIUS server is down? On the wired, we can select this to place users in a certain VLAN or apply a certain ACL depending on the critical auth configuration.

Many thanks

1 person had this problem
0 Helpful
2 Replies 2

marce1000
VIP
VIP

‎11-01-2022 04:47 AM

 

 - Ref : https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/25ew/configuration/guide/conf/dot1x.pdf

 >... 802.1X authentication does not work unless the network access device can
route packets to the configured authentication RADIUS server

   It is better to consider this as a none-issue because usually at least two radius servers are configured and used for a WLAN.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Aileron88
Level 1
Level 1

‎11-01-2022 05:25 AM

Thank you - so there is NO fallback for 802.1X. This is more around the capability, rather than the possibility of the RADIUS server going down. 

An additional question - if we're not using 802.1X, but MAB with Layer 2 Filtering - is there a way to fall back to a locally configured list of devices if the RADIUS server is down?

Thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card