
Tunneling SSID on Cisco WLC to remote Radius Server

kamz1
Level 1

Good day Cisco community.

I want to extend a partner's corporate Wi-Fi to our premises by creating an SSID on our Cisco WLC and tunnelling the traffic over the Internet to the partner's remote RADIUS server. Our partner is using Ruckus network gear. How best can this be achieved? Is GRE tunneling possible, with IPsec on top? Are there any configurations to be made on our Cisco firewall as well? Any configuration guidance will be appreciated.

6 Replies

GRE is used only to override some routing issues.

IPsec, on the other hand, is perfect to connect the NAD to RADIUS because it is secure, unlike GRE.

You want to run a tunnel between the WLC and AAA.

MHM

Thank you. My follow-up question is whether to define the IPsec VPN connection at my firewall level, or whether this is best done at the WLC level?

FW, sure. I don't think the WLC can run IPsec directly to the server.

On the FW you need to use a policy-based VPN and specify the host mgmt IP in the ACL of the IPsec.

MHM

marce1000
VIP

 

  - You don't tunnel an SSID towards a RADIUS server; the only thing that (can) happen(s) is that you define 802.1X security with RADIUS for the particular SSID/WLAN. Then you must make sure that the RADIUS servers defined on the WLC can be reached by the WLC over the networking infrastructure. 'That's it'.

 M.



-- Each morning when I wake up and look into the mirror I always say 'Why am I so brilliant?'
    When the mirror will then always respond to me with 'The only thing that exceeds your brilliance is your beauty!'

kamz1
Level 1

Thanks @marce1000. Since the RADIUS server is remote (over the Internet), is it possible to define an IPsec VPN directly from the WLC towards the RADIUS server, or can this best be done by having the VPN at firewall level?

 

  > ...is it possible to define an IPsec VPN directly from the WLC towards the RADIUS server, or can this best be done by having the VPN at firewall level?
   - As you are already saying: you can't set up an IPsec VPN directly on the WLC. It must be done at perimeter equipment such as the firewall or a router (indeed). Afterwards you must test if the intended RADIUS server becomes reachable from the WLC.

 M.



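
One way the firewall-side advice in this thread (a policy-based VPN whose crypto ACL names only the WLC management host) could look, as an added example that is not from any poster. It assumes the firewall is a Cisco ASA using IKEv2 with interfaces named `inside` and `outside`; every object name, address and key is a placeholder.

```text
! Constructed example: every name, address and key below is a placeholder.
! 192.0.2.10    = WLC management IP (assumed to be the RADIUS source address)
! 198.51.100.20 = partner RADIUS server, 203.0.113.1 = partner VPN peer
object network WLC-MGMT
 host 192.0.2.10
object network PARTNER-RADIUS
 host 198.51.100.20
!
! Crypto ACL: only WLC-to-RADIUS auth/accounting is "interesting" traffic.
! UDP 1812/1813 are the standard RADIUS ports; confirm what the partner uses.
! The partner's side must define the mirror image of these entries.
access-list VPN-RADIUS extended permit udp object WLC-MGMT object PARTNER-RADIUS eq 1812
access-list VPN-RADIUS extended permit udp object WLC-MGMT object PARTNER-RADIUS eq 1813
!
! Keep the WLC address untranslated inside the tunnel (NAT exemption).
nat (inside,outside) source static WLC-MGMT WLC-MGMT destination static PARTNER-RADIUS PARTNER-RADIUS no-proxy-arp route-lookup
!
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 14
 prf sha256
 lifetime seconds 86400
crypto ikev2 enable outside
!
crypto ipsec ikev2 ipsec-proposal RADIUS-ESP
 protocol esp encryption aes-256
 protocol esp integrity sha-256
!
! If a crypto map is already bound to the outside interface, add these
! entries to it under an unused sequence number instead of OUTSIDE-MAP 10.
crypto map OUTSIDE-MAP 10 match address VPN-RADIUS
crypto map OUTSIDE-MAP 10 set peer 203.0.113.1
crypto map OUTSIDE-MAP 10 set ikev2 ipsec-proposal RADIUS-ESP
crypto map OUTSIDE-MAP interface outside
!
tunnel-group 203.0.113.1 type ipsec-l2l
tunnel-group 203.0.113.1 ipsec-attributes
 ikev2 remote-authentication pre-shared-key <PLACEHOLDER-KEY>
 ikev2 local-authentication pre-shared-key <PLACEHOLDER-KEY>
```

Encapsulation counters in `show crypto ipsec sa` that increase while a client authenticates on the SSID confirm that the WLC's RADIUS packets are matching the crypto ACL and entering the tunnel.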