Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1085
Views
0
Helpful
4
Replies

Flexconnect authentication with radius server in remote site

junajunction
Level 1
Level 1

‎10-13-2014 03:06 AM - edited ‎07-05-2021 01:42 AM

 

Hi Guys, I will give a description of current flexconnect setup. we have ap's both in flexconnect mode in remote offices and in Local mode in Head office. The wlan ssid is same in both remote and headoffice (the ssid's are enabled with flex connect). The ssid authentication for headoffice users are configured with a windows 2008 radius server added in wlc and the ip address of the radius server in given under the wlan->Security->AAA server

the remote office ap's are added in flexconnect groups and the primary and backup radius servers are given in them. The primary and backup radius server given inside the flexconnect group are locally available servers in remote office.

Now problem. currently all the remote office users are also getting authenticated from the head office radius server. while the head office is unavailable they use the flexconnect group radius server. i want the remote office users to authenticate from the radius servers defined in the flexconnect groups as primary. and fall back to local authentication in ap, if the remote office radius server becomes unavailable. how to achieve this?

Labels:
0 Helpful
4 Replies 4

Dhiresh Yadav
Cisco Employee
Cisco Employee

‎10-13-2014 06:14 AM

Hi,

That should happen perfectly. What is yur WLC version ? In earlier versions of flexconnect like 7.2 , you would define the Radius servers on AAA page and then select them inside the flex cgroups.

 

In later version like 7.4 , you can define new local site radius server in the Flex connect group , Primary and secondary with shared keys. Go to flex AP console to see if those are pushed. Now you have added AAA radius server in the AAA client but have you also configured AAA client i.e flex APs in the local radius server ? 

> Is the SSID configured for Flec local Auth and Flex local switching under advanced tab ?

 

Regards

Dhiresh

Please rate helpful posts

0 Helpful

junajunction
Level 1
Level 1
In response to Dhiresh Yadav

‎10-13-2014 10:41 AM

Hi Dhiresh,

wlc is of version 7.4 and the primary/secondary radius servers are configured in flexconnect Ap's.

The flexconnect Ap's are also defined in the local radius servers with the shared keys.

The SSID's are configured for flex local switching

with flexconnect local auth turned on the clients get connected but the auth does not happen from the radius server, as radius server logs does not show any connection.

i need to get the ap's to auth from the local radius server in remote ofc.

 

Thank you for the reply

Arjun

0 Helpful

Dhiresh Yadav
Cisco Employee
Cisco Employee
In response to junajunction

‎10-13-2014 11:51 PM

Hi,

I have checked it long back multiples times and it should work. ..let me do a fresh check.

 

Regards

Dhiresh

 

0 Helpful

junajunction
Level 1
Level 1
In response to Dhiresh Yadav

‎10-14-2014 12:32 PM

Hi Dhiresh, i tried the same again today. The remote ap's are using the remote radius server for auth when the controller becomes unreachable for them. And once the controller connectivity is back for the ap's they switch back to central authentication. but this has not solved my problem of primary auth from remote radius server.still checking for some way to prioritize the radius server from the flexconnect groupsthanks you, Arjun

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card