Flexconnect and radius auth from AP multiple SSID of same name

Leif Harald · ‎09-09-2015

Hi!

My main issue:

I want to be able to get the accounting radius info to several firewalls from the same SSID.

As of now we have one 5508 (sw 7.6.130.0) controller that has APs on 5 physical locations where 4 of the locations are connected with site to site vpn. All aps are setup as flexconnect.

All locations have one SSID with radius login where we're using NPS servers. I do have a NPS at every location but now its the NPS at the main location that is doing all the auth.

Since I'm unable to make more than two SSID with the same name (with different radius and accounting server), I'm struggling to get the accounting to all the firewalls. (error message: WLAN with duplicate SSID and L2 security policy found)

Is it possible to do local radius auth direct from the AP in Flex to the local NPS and thus let the local NPS return the accounting to the local firewall?

I've earlier got the local auth to work as backup auth when the controller is offline, but can't get it to work with radius integrated with NPS and AD and not the local users then one can add on the controller.

Thanks!

matthew gosling · ‎09-09-2015

yes, you can do local auth from Flex-Connect APs to a local RADIUS server.

Ric Beeching · ‎09-09-2015

To build on matthew's response..

1) Select FlexConnect local auth under the WLAN setting for that single SSID

2) Put each site's APs into a FlexConnect Group

3) Edit each group to put in the local RADIUS/NPS Server to auth against

Ric

-----------------------------
Please rate helpful / correct posts