Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2389
Views
5
Helpful
4
Replies

FlexConnect Local Authentication

CHANDIMAL RATNAYAKE
Level 1
Level 1

‎03-10-2014 06:39 PM - edited ‎07-05-2021 12:23 AM

Hi Guys,

In the process of implementing a Virtual WLC. Just want to find out about FlexConnect Local authentication process. My question is am I able to configure FlexConnect groups to send client athentication (PEAP Authentication) requests to a local RADIUS (MS NPS) server when LWAPs lose Connectivity to the vWLC.

Thanks in Advance

Labels:
0 Helpful
4 Replies 4

Scott Fella
Hall of Fame
Hall of Fame

‎03-10-2014 06:43 PM

FlexConnect Groups allow you to define the primary and or secondary radius in case the AP goes into standalone mode.

FlexConnect Groups and Backup RADIUS Servers

You can configure the controller to allow a FlexConnect access point in standalone mode to perform full 802.1X authentication to a backup RADIUS server. You can configure a primary backup RADIUS server or both a primary and secondary backup RADIUS server. These servers can be used when the FlexConnect access point is in of these two modes: standalone or connected.

-Scott
*** Please rate helpful posts ***
0 Helpful

CHANDIMAL RATNAYAKE
Level 1
Level 1
In response to Scott Fella

‎03-10-2014 06:51 PM

Thanks for the Quick response Scott. I've already configured Primary and Secondary RADIUS servers in my FlexConnect group. Is that all I have to do to allow APs to forward 802.1X requests when WLC is unavailable? Also I'm using MS NPS as my RADIUS. Do I have to create RADIUS client entries for all APs in the FlexConnect group?

Thanks in Advance

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to CHANDIMAL RATNAYAKE

‎03-10-2014 10:02 PM

You do not have to create a AAA client for each FlexConnect access point. Using FlexConnect Groups will define the radius when in standalone. FlexConnect groups take care of that. Old autonomous way you need to have each AP defined as a AAA client in radius. Here is a good read https://netboyers.wordpress.com/category/wlc/
-Scott
*** Please rate helpful posts ***

Florin Barhala
Level 6
Level 6
In response to Scott Fella

‎03-11-2014 02:23 AM

Hi Scott,

I enabled Local Authentication (PEAP) on a FlexConnect scenario and obviously not working. After just reading your post, I got the reason: requests are sourced by AP and this AP is not registered with the Radius Server. Thank you!


About using FlexConnect Groups not requiring the previous AP&RADIUS Server registration. How’s this possible?

Supposing AP transits in standalone mode and Local Authentication is enabled, BUT there is no registration on the RADIUS server for the authenticating AP, is this AP going to use the WLC IP from its configuration ?

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card