Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1281
Views
0
Helpful
3
Replies

Multiple Radius Servers

ittechk4u1
Level 4
Level 4

‎09-23-2020 06:12 AM - edited ‎07-05-2021 12:33 PM

Hello Experts,

 

Here is my scenario:

I have two Radius server(Cisco ISE) installed in my company and all corporate clients are authenticating via these RADIUSE server using EAP-TLS.

 

Now due to office 365, we have few new clients which dont have our company certificates. So external company installed a cloud radius server and provided me the IP, port and shared secret details and asked me to configure it under my corporate WLAN so that new clients connect to same WLAN but authenticate using Cloud radius server.

 

Is it possible or not ? If yes then what i need to do ?

Info: I already configured cloud radius server on WLC and added it under WLAN as 3rd Radius server. Will it work ?

 

Because i heard that If the client cant get authenticated in the first radius server, that radius server will most probably send back a radius reject which means the WLC should not authenticate the user. The 2nd radius server will not be checked.!!!

 

Please help me to find a solution of this issue.

 

Thanks

 

Now i have 

Labels:
0 Helpful
3 Replies 3

Scott Fella
Hall of Fame
Hall of Fame

‎09-23-2020 07:03 AM

I don’t understand why you say that due to office 365? Put it this way, you secure your network by using certificates and having computers joined to the domain. Never have an external company tell you that you should point to their radius server. Who is controlling what devices can and really shouldn’t be on your network. Place these devices on a different ssid that you control or don’t allow them on your network. If you have a guest network and the user has vpn, let them connect that way or find another solution.
-Scott
*** Please rate helpful posts ***
0 Helpful

ittechk4u1
Level 4
Level 4
In response to Scott Fella

‎09-23-2020 11:08 AM

Hi Scott,

Thanks for your reply.

I understand your point but still i want to test as we are installing office 365 and cloud based radius server with the help of External company.

 

I just want that with same corporate ssid, could I use cloud based radius and few non domain clients to authenticate. Means, normal domain computer will authenticate with my cisco ISE radius servers and few non domain computer which will will authenticate from Cloud based radius server.

 

These new non domain computer will also have local/root certificate which will be authenticated by Cloud based radius server.

Is it possible or not ?

 

Thanks

 

0 Helpful

patoberli
VIP Alumni
VIP Alumni
In response to ittechk4u1

‎09-24-2020 08:13 AM

There are possibilities, but I've never tried it with certificates. 

In the case of username & password authentication, you would send all radius requests to the ISE and depending on the domain (username@domain.com) you would proxy it to the Office365 radius for authentication. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card