Local Authentication Server does not update policy on AP

Toy Thompson · ‎10-31-2025

I have a Cisco 9800 WLC running 17.12.5 and I have 1 central site (local mode APs where the WLC resides) and about 10 remote sites with APs in FlexConnect Mode and Local Authentication. Each remote site has a local authentication server with the authentication server at the central site as the backup.
At some of the remote sites local authentication works 100%, but at some sites it does not. I have verified the Policy Profile, Flex Profile and Site Tags at the "non-working" sites and compared them to the working sites and they are exactly the same except for Name and IPs which are specific to the site.
Clients at the "non-working" sites authenticate with the servers at the central site and not the server locally to the site. If we remove the backup authentication server all together clients at the non-working site still authenticate with the central site authentication server. We have verified "Central DHCP", "Central Authentication" & "Central Switching" are all disabled

Mark Elsen · ‎10-31-2025

- @Toy Thompson Verify the controller's configuration with the CLI command : show tech wireless
and feed the output from that into Wireless Config Analyzer
Use the full command as outlined in green , it does not work with show tech-support

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)