WLC 5508 no further RADIUS auth. requests

airwaver86 · ‎03-19-2013

Hello forum,

I'm working on a project where a wi-fi client is tracked and located using RADIUS authentication requests. The problem I'm running into is that the WLC (5508) sends an RADIUS authentication request to my freeradiusd, which is ok so far, but if the client roams to another accesspoint (3602AG, 1131AG, 1252AG), the WLC does not send a further RADIUS auth. request - and the client is allowed to connect to the next ap.

Is there an option like RADIUS-cache which I can disable, so that the WLC sends everytime an authentication request when a client tries to connect to an ap or roams from one ap to another one?

cheers,

Chris

Scott Fella · ‎03-19-2013

The only time a radius attribute will be sent from the WLC to the radius is during a full re-auth. There is no setting that I know on the WLC to send any info on a roam. When the session timeout is hit, you would see a log on your radius since that forces the client to re-auth again.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Saravanan Lakshmanan · ‎03-19-2013

#what you're seeing is an expected behavior for seamless roaming.

#try this, use local switching on the wlan and don't put those hreap AP in the hreap group, this way we could try to break the seamless roaming.

Amjad Abdullah · ‎03-20-2013

Chris:

I agree with the above. What you see is normal. When roaming and key caching is in use there is no full auth happen between the client and the server. What you see is expected.

Rating useful replies is more useful than saying "Thank you"

msonnie · ‎04-03-2013

The tracking of user's could be done using the BSSID factor which is denoted by MAC address of AP can be used to locate the client is this situation or by forcefully making the device get re-authenticated.

HTH