01-21-2025 12:22 PM
Has anyone used a 9800-40 as a "Radius Server" to authenticate guest users on the wireless guest SSID? We have a situation where we need to migrate off of Prime. We currently use Prime to create and manage all guest users by our help desk and local IT for all our regional locations. The Anchor controller resides in the DMZ and Security has forbidden the Help Desk and the local IT to have access to the Anchor. As the Foreign controller is permitted such access, I was thinking we could leverage it as the Radius server from the Anchor. We have done some initial configurations and testing. The Web-Auth pages present and accept the UN/PW but fail to complete the authentication. Any thoughts/suggestions would be greatly appreciated.
Solved! Go to Solution.
01-21-2025 12:33 PM
- You can't use 9800 controller(s) as (native) radius servers,
M.
01-21-2025 12:52 PM - edited 01-21-2025 12:57 PM
Cisco WLC works for local EAP only. It will not work as radius for remote guest users.
01-21-2025 12:30 PM
Check if CoA port 1700 is open from both side
MHM
01-21-2025 12:37 PM
01-23-2025 04:22 AM
I dont know why they say you can not' if I have anchor sure I can use CWA.
Check the link.
Only make sure the port is open and do config as list in link
Thanks
MHM
01-23-2025 04:30 AM
He's not asking about using CWA, he's asking about using 9800 as radius server @MHM Cisco World .
The example you linked is using ISE for radius, not 9800.
01-23-2025 04:33 AM
He mention guest but dont mention if he use CWA or LWA
MHM
01-21-2025 12:33 PM
- You can't use 9800 controller(s) as (native) radius servers,
M.
01-21-2025 12:52 PM - edited 01-21-2025 12:57 PM
Cisco WLC works for local EAP only. It will not work as radius for remote guest users.
01-22-2025 03:59 PM
As Marce and Flavio have pointed out you can only use it for local EAP, not as a radius server. For local EAP see:
https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/215026-local-eap-authentication-on-catalyst-980.html
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-12/config-guide/b_wl_17_12_cg/local-extensible-auth-protocol.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide