06-12-2014 09:19 PM - edited 07-05-2021 01:00 AM
Hi,
I have cisco WLC 2504 I configure two windows Radius server on that wlc. Both Radius server working fine, But when primary radius server down. Secondary not comes up. Please help me out when my primary radius server goes down how automatically secondary comes up. Fallback mode passive, Active & off which one should I select it;s ask username what is the meaning of username. Where I get this username.
Regards,
Rahul Wankhade
06-12-2014 10:02 PM
Hi Rahul,
I hope below link clearly explains your answer.
http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/106258-radius-fbkftr-wlc-config.html
To summaries
There are three modes to fall back:
Off - no fallback
Passive - WLC sends the credentials to the 'dead' server when a user tries to authenticate
On - You configure a username and an time interval. WLC sends the credentials to the 'dead' server at configured interval.
The password is not really checked here and all WLC is checking is whether it is getting any response back. So getting a reject back from the server would bring it back 'alive' in the AAA list.
Hope that helps.
Regards
Najaf
06-12-2014 10:17 PM
Dear Najaf,
Thanks for your mail, But I am not understand username can I use anything in the wlc. Which one fallback
option recommended.
06-12-2014 10:32 PM
Hi Rahul,
My recommendation would be active.
When you enable active fallback you get an option to specify a username. You can enter your own username or leave it with the default. The default username is “cisco-probe”. Because this username is used to send probe messages, you do not need to configure any password.
Hope that helps.
Regards
Najaf
Please rate when applicable or helpful !!!
06-17-2014 07:09 PM
a. Choose Security > AAA > RADIUS > Fallback to open the RADIUS > Fallback Parameters to open the fallback parameters page.
b. From the Fallback Mode drop-down list, choose one of the following options:
•Off—Disables RADIUS server fallback. This is the default value.
•Passive—Causes the controller to revert to a server with a lower priority from the available backup servers without using extraneous probe messages. The controller ignores all inactive servers for a time period and retries later when a RADIUS message needs to be sent.
•Active—Causes the controller to revert to a server with a lower priority from the available backup servers by using RADIUS probe messages to proactively determine whether a server that has been marked inactive is back online. The controller ignores all inactive servers for all active RADIUS requests. Once the primary server receives a response from the recovered ACS server, the active fallback RADIUS server no longer sends probe messages to the server requesting the active probe authentication.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide