05-22-2023 07:32 AM
I have SSID (corporate) configured to authenticate with external radius and also I configured local net users and I need to authenticate them with same ssid, so in need corporate ssid to authenticate both users from radius and local
By the way I configured local net users and I could successfully authenticate them through new ssid I configured but when I tried to authenticate them with corporate ssid I couldn't is there any limitation to use 2 methods of authentication
05-22-2023 07:44 AM
Hello
Take a look in IPSK solution
05-22-2023 01:25 PM
Are there any 2800/3800/4800/1560 used in this WLAN?
05-22-2023 03:00 PM
No we are using 3700
05-22-2023 06:33 PM
Hello,
What model of controller are you using and what version of code is it on ?
As far as limitations , not that I'm aware of , I suppose you can test this to make this work by setting the order of authentication that is what will be key here. You will have to ensure you set the order to be local first and then radius after.
- This same method/concept is generally recommend for TACACS+ access is well when you have local creds you want to be able to fall back to if using IOS-XE
05-22-2023 10:23 PM
I am using 8510 controller and 8.0 code , i tried with no success if i use the same SSID for radius and local , but when i use it with new ssid using only local it works fine even the priority order is local then radius
05-23-2023 06:33 AM
Okay understood.
So 8.0 is a deferred code, I would suggest being on the recommended code of 8.5.182 to take advantage of improvements and functionality of your wireless network.
Is there a reason why you need local users + radius ? I would suggest going with the best practice route of external radius to perform the authentication of all your users when doing 802.1x authentication
05-23-2023 11:56 PM
We are using ACS as radius that importing users from AD for all users , but these local users that we need to configure in the same SSID just they need WIFI so no need to add them in the AD
by the way if i upgrade to 8.5 is this issue going to resolve ?
Thank you in advance
05-24-2023 08:30 AM
I can't answer for certain if this will work on 8.5 code as I have not tested it but this will be your best path forward as the code you are on is a deferred code.
If the users just need internet access, you can just have them join a guest network or the new SSID you created for them to use if this is a temporary use case
05-25-2023 05:12 AM
Never tried that, but I don't think it will work.
I think you should be adding those users to ACS and letting radius handle them all.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide