Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2814
Views
4
Helpful
6
Replies

What interface does the WLC talk from for Radius Auth

moorera
Level 1
Level 1

‎12-18-2011 02:20 AM - edited ‎07-03-2021 09:15 PM

I have the situation where I need to talk to multiple different Radius servers depending on the WLAN.  Some of the WLANs are not able to route traffic over my entire network, and within these secure areas the Radius server for that area sit.  Is there away that I can instruct the WLC to use its virtual interface to make the Radius Auth instead of using the WLCs Management interface?

Thanks

Randy Moore

Labels:
0 Helpful
6 Replies 6

Scott Fella
Hall of Fame
Hall of Fame

‎12-18-2011 06:50 AM

The communication from the WLC and Radius uses the management ip of the wlc. Your defined AAA client in radius has to use the management ip... The VIP will not work.

Why wouldn't you have routing between the management and the subnet(s) your radius server is on?

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

moorera
Level 1
Level 1
In response to Scott Fella

‎12-18-2011 11:36 PM

Hi Scott,


Thanks for the reply.  We have the setup we have as two companies in the middle of a JV and different support models/needs in a new office. I don't want to have two WLCs and APs throughout the building so we are doing 1 with different needs.... Due to the different support arrangements a PC from one legacy company is not allowed on the network of the others... Lot's of fun.

Thanks again for the help.

Randy

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame

‎12-18-2011 07:00 AM

It doesn't matter if the user WLAN does not route to your radius subnet(s)... It matters that your management ip routes to your radius subnet(s).

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful

George Stefanick
VIP Alumni
VIP Alumni

‎12-18-2011 09:30 AM

To add to this ... If you have a WLC in the DMZ and you do say office extends or 802.1X in some flavor you would need to allow access from the radius server to the DMZ WLC managment address.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful

nikhilcherian
Level 5
Level 5
In response to George Stefanick

‎12-18-2011 12:04 PM

Cant the "Radius Server Overwrite interface" feature be used here, where in the interface mapped to WLAN will be used to reach the RADIUS server

Thanks

NikhiL

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to nikhilcherian

‎12-18-2011 12:06 PM

You can do vlan override... This will change the vlan a user will be placed on depending on what vlan id you specify on the radius server. The wlc has to have a dynamic interface on each of the vlans.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card