10-13-2014 03:06 AM - edited 07-05-2021 01:42 AM
Hi guys, I will give a description of the current FlexConnect setup. We have APs both in FlexConnect mode in remote offices and in Local mode in the head office. The WLAN SSID is the same in both the remote and head offices (the SSIDs are enabled with FlexConnect). The SSID authentication for head office users is configured with a Windows 2008 RADIUS server added in the WLC, and the IP address of the RADIUS server is given under WLAN -> Security -> AAA server.
The remote office APs are added in FlexConnect groups, and the primary and backup RADIUS servers are given in them. The primary and backup RADIUS servers given inside the FlexConnect group are locally available servers in the remote office.
Now the problem. Currently all the remote office users are also getting authenticated from the head office RADIUS server. While the head office is unavailable they use the FlexConnect group RADIUS server. I want the remote office users to authenticate from the RADIUS servers defined in the FlexConnect groups as primary, and fall back to local authentication in the AP if the remote office RADIUS server becomes unavailable. How can I achieve this?
10-13-2014 06:14 AM
Hi,
That should happen perfectly. What is your WLC version? In earlier versions of FlexConnect like 7.2, you would define the RADIUS servers on the AAA page and then select them inside the flex groups.
In later versions like 7.4, you can define a new local site RADIUS server in the FlexConnect group, primary and secondary with shared keys. Go to the flex AP console to see if those are pushed. Now you have added the AAA RADIUS server in the AAA client, but have you also configured the AAA client, i.e. the flex APs, in the local RADIUS server?
> Is the SSID configured for Flex local auth and Flex local switching under the Advanced tab?
Regards
Dhiresh
Please rate helpful posts
10-13-2014 10:41 AM
Hi Dhiresh,
The WLC is version 7.4 and the primary/secondary RADIUS servers are configured in the FlexConnect APs.
The FlexConnect APs are also defined in the local RADIUS servers with the shared keys.
The SSIDs are configured for flex local switching.
With FlexConnect local auth turned on, the clients get connected but the auth does not happen from the RADIUS server, as the RADIUS server logs do not show any connection.
I need to get the APs to auth from the local RADIUS server in the remote office.
Thank you for the reply
Arjun
10-13-2014 11:51 PM
Hi,
I have checked it long back multiple times and it should work... let me do a fresh check.
Regards
Dhiresh
10-14-2014 12:32 PM
Hi Dhiresh,
I tried the same again today. The remote APs are using the remote RADIUS server for auth when the controller becomes unreachable for them. And once the controller connectivity is back for the APs, they switch back to central authentication. But this has not solved my problem of primary auth from the remote RADIUS server. Still checking for some way to prioritize the RADIUS server from the FlexConnect groups.
Thank you,
Arjun