Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1159
Views
0
Helpful
8
Replies

Wireless controller 5520 failover senario , Access 802.1x authentication with radius server

JlassiAhmed0345
Level 1
Level 1

‎09-04-2020 02:52 AM - edited ‎07-05-2021 12:28 PM

Hi 

 

 WLC 5520  and ISE 

i got a question, in case of central authentication 802.1x with ISE, and the WLC is failed is there a method to configure the flexconnect AP to continue to authenticate new users that would  access the network using the Radius server.

 

thanks

Labels:
0 Helpful
8 Replies 8

Scott Fella
Hall of Fame
Hall of Fame

‎09-04-2020 03:12 AM

If any radius server is not reachable for authentication, then any new clients or clients that is going through a re-auth would fail.
-Scott
*** Please rate helpful posts ***
0 Helpful

JlassiAhmed0345
Level 1
Level 1
In response to Scott Fella

‎09-04-2020 03:22 AM

thanks for your reply 

 

the radius server is reachable for the Access Point. 

ISE(radius) : UP

WLC: down 

Flexconnect AP can reach ISE.

in this case how to configure a Flexconnect Access point to authenticate new users?

 

thanks

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎09-04-2020 03:21 AM

Any new or re-auth fails , so better to have redundency  in place

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

JlassiAhmed0345
Level 1
Level 1
In response to balaji.bandi

‎09-04-2020 03:46 AM

Thanks for your reply

 

so if  I understood you well, you mean that in case of WLC failure, we lose the ability to re-auth or authenticate new users with 802.1x, even when, we are using a flexconnect .

 

as is mentioned in the link below , it's possible to authenticate 802.1x new users when WLC is down: 

https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-3/Flex_7500_DG.html#pgfId-43489

best regards

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to JlassiAhmed0345

‎09-04-2020 07:30 AM

What I meant is if radius is not available, which means that the link goes down at a site, the aps have no way to communicate to radius. The o my way in your case is to have a radius serv in prem since you are using FlexConnect.
-Scott
*** Please rate helpful posts ***
0 Helpful

JlassiAhmed0345
Level 1
Level 1
In response to Scott Fella

‎09-04-2020 08:07 AM

thanks for your reply 

 

so how to configure flexconnect access point to authenticate or re-auth 802.1x  users via a local backup radius server.

note : WLC is down 

 

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to JlassiAhmed0345

‎09-04-2020 11:25 AM

Search for “Cisco WLC FlexConnect radius”. Here is a link to another thread on the same topic.

https://community.cisco.com/t5/wireless-security-and-network/cisco-wlc-flex-connect-ssid-radius-authentication-when-wlc-is/td-p/3792394
-Scott
*** Please rate helpful posts ***
0 Helpful

JlassiAhmed0345
Level 1
Level 1
In response to balaji.bandi

‎09-04-2020 05:38 AM

Thanks for your reply

 

so if  I understood you well, you mean that in case of WLC failure, we lose the ability to re-auth or authenticate new users with 802.1x, even when, we are using a flexconnect .

 

as is mentioned in the link below , it's possible to authenticate 802.1x new users when WLC is down: 

https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-3/Flex_7500_DG.html#pgfId-43489

 

best regards

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card