Cisco Wireless controller with Cisco ACS 5.3 as Radius servers for fail over

Sakthi vel · ‎05-14-2014

Hi,

Our Setup is as explained below

Cisco Wireless Controller with Configured Cisco ACS 5.3 as Radius Server

Cisco ACS 5.3 has been integrated with AD for Wireless Authentication

We have Primary and secondary Servers which running on cisco acs 5.3.0.40.8 (In standalone mode)

These two entries has been mapped in SSID configurations of the Controller

We want fail over feature on this, in case of Primary ACS Server is reachable but due to some reasons failed to authenticate via AD (Ex: AD disconnection state in Primary ACS) it should fall back to secondary ACS for AD authentication

We tried the Radius fallback feature in WLC, but of no luck.

Is this possible, please help on this related to configurations.

Regards,

Sakthivel M

SANTHOSHKUMAR SARAVANAN · ‎05-14-2014

Hi Sakthivel ,

You can add both primary and secondary server under Radius authentication server with time out value , if you primary server doesnt respond within time out value , WLC will fall back to secondary server .

You can configure up to 17 RADIUS authentication and accounting servers each. For example, you may want to have one central RADIUS authentication server but several RADIUS accounting servers in different regions. If you configure multiple servers of the same type and the first one fails or becomes unreachable, the controller automatically tries the second one, then the third one if necessary, and so on.

If multiple RADIUS servers are configured for redundancy, the user database must be identical in all the servers for the backup to work properly.

https://supportforums.cisco.com/document/57301/cisco-wireless-lan-controller-wlc-and-cisco-acs-5x-tacacs-configuration-example-web

HTH

Sandy.