Hi all,
I'm trying to configure a Cisco 8510 WLC so that when a wireless user tries to authenticate (802.1X), if they are using a particular realm (say username@xyz.com) then their access-request is forwarded to one RADIUS server (say server A), but if they are using any other realm their request is forwarded to a different RADIUS server (say server B).
I have turned on RADIUS NAI-Realm on the SSID concerned, and with xyz.com configured in the realm list for server A I can authenticate successfully. If I configure a specific different realm (say pqr.com) in server B's realm list then I can also successfully authenticate using username@pqr.com against server B.
But what I really need is to be able to configure a wildcard in the realm list for server B, so that a user with any realm except xyz.com uses server B for authentication (I'm assuming the RADIUS servers are checked in the order they are listed on the Security > AAA Servers tab on the SSID, and so have configured the xyz.com server as server 1). I've tried leaving the realm list empty, and I've tried *, which is accepted in the configuration but doesn't match pqr.com when tested - the associated controller debug says "Could not find a valid radius server form the global/WLAN server list".
So my question is, does anybody know if it is possible to configure a wildcard in the realm list of a RADIUS server on the WLC? Alternatively, can anyone suggest another way of achieving the distribution of access-requests described above?
Thanks in advance for any advice you can offer.
Stuart