Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
856
Views
0
Helpful
3
Replies

AAA ordering question

Go to solution
Dylan Hyndman
Level 1
Level 1

‎12-15-2010 04:09 AM - edited ‎07-03-2021 07:33 PM

Hi can someone explain to me how the WLC (4402) decides which server to use for AAA?

I have two servers set up as AAA servers, One with a server index of 1 and the other with an index of 2

Index 1 =  x.x.x.70

Index 2 =  x.x.x.38

Under the AAA tab of one of my wlans I have them listed as:

Server 1 = x.x.x.38

Server 2 = x.x.x.70

Is it the Index number thats the deciding factor? or is it the order in which they are listed under the AAA tab in the wlan config page?

Cheers

Dylan

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Surendra BG
Cisco Employee
Cisco Employee
In response to Dylan Hyndman

‎12-15-2010 04:40 AM

Hi,

There are two ways to set the priority of the Radius server. If you have the Radius servers defined under the WLAN the server defined as Server 1 will be used first, Server 2 will be used second, and so on. If you don't have the Radius servers listed under the WLAN they will be used in the order they are listed in the global config (index number).

The Radius fallback configuration will also come into play.  If you have Radius fallback disabled when the primary Radius server fails the controller will start using the secondary but it won't move back to the primary until either the secondary fails or the controller is rebooted. If you have it enabled the controller will start using the primary server when it becomes available again.

So on top of my head these are the things whic are coming..

Can you please check the failed logs on the server to make sure there aren't any messages about the requests from the controller?  Could be that the shared secret key isn't matching or the controller isn't defined in the server.

Even try pinging the server from WLC and see the connectivity..

or even..

check if there is any firewall problem between the WLC and the RADIUS server.


Lemme know if this answered your question!!

Regards

Surendra

====

Please dont forget to rate the usefull post which answered your question or was helpfull

Regards
Surendra BG

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Surendra BG
Cisco Employee
Cisco Employee

‎12-15-2010 04:13 AM

Hi,

Its the order in which you have placed under WLAN.. that is..

Server 1 = x.x.x.38

Server 2 = x.x.x.70

First it will try to contact .38 and if this fails then goes to .70

Lemme know if this answered your question..

Regards

Surendra
===

Please dont forgte to rate the posts which answered your question or was helpfull

Regards
Surendra BG
0 Helpful

Go to solution
Dylan Hyndman
Level 1
Level 1
In response to Surendra BG

‎12-15-2010 04:21 AM

Hi Surendra,

That was how I thought it worked, however I am noticing AAA requests in the server 2 - x.x.x.70.  I would imagine that for some reason the wlc has decided to send requests to .70 due to a connection issue or something to .38. I know that server 1 - x.x.x.38 is functioning and that it has had traffic from this wlc in the past (and is still receiving requests from other wlc's) so I don’t understand why it is choosing .70 over .38? This has still been the case after a reboot. What relevance does the Index number have?

Dylan

0 Helpful

Go to solution
Surendra BG
Cisco Employee
Cisco Employee
In response to Dylan Hyndman

‎12-15-2010 04:40 AM

Hi,

There are two ways to set the priority of the Radius server. If you have the Radius servers defined under the WLAN the server defined as Server 1 will be used first, Server 2 will be used second, and so on. If you don't have the Radius servers listed under the WLAN they will be used in the order they are listed in the global config (index number).

The Radius fallback configuration will also come into play.  If you have Radius fallback disabled when the primary Radius server fails the controller will start using the secondary but it won't move back to the primary until either the secondary fails or the controller is rebooted. If you have it enabled the controller will start using the primary server when it becomes available again.

So on top of my head these are the things whic are coming..

Can you please check the failed logs on the server to make sure there aren't any messages about the requests from the controller?  Could be that the shared secret key isn't matching or the controller isn't defined in the server.

Even try pinging the server from WLC and see the connectivity..

or even..

check if there is any firewall problem between the WLC and the RADIUS server.


Lemme know if this answered your question!!

Regards

Surendra

====

Please dont forget to rate the usefull post which answered your question or was helpfull

Regards
Surendra BG
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card