07-04-2016 07:54 AM - edited 07-05-2021 05:21 AM
Hi,
Can someone clarify this point :
We have some AP groupe and Flexconnect Groups and some are used in our branchs offices. We want to use the feature of local authentication with a radius server on some branch to be able to have wifi in case of a WAn failure.
When the AAA will be configured in the flexconnect groups, if I put the server on the branch as primary and another server a secondary, does all the 802.1x queries will goes to the branch server, even when the WAN is available? In the SSID config, the main 802.1x server is in our primary datacenter...but we want to keep 802.1x traffic locally even if the WAN if available.
Thanks,
Solved! Go to Solution.
07-04-2016 03:05 PM
When the AAA will be configured in the flexconnect groups, if I put the server on the branch as primary and another server a secondary, does all the 802.1x queries will goes to the branch server, even when the WAN is available?
For the APs that belong to given FlexConnect AP group, authentication request should go to server configure under FlexConnect group.
Refer below for details on FlexConnect design
HTH
Rasika
*** Pls rate all useful responses ***
07-04-2016 06:28 PM
If a FlexConnect is configured with both a backup RADIUS server and local authentication, the FlexConnect access point always attempts to authenticate clients using the primary backup RADIUS server first, followed by the secondary backup RADIUS server (if the primary is not reachable), and finally the FlexConnect access point itself (if the primary and secondary are not reachable).
07-04-2016 03:05 PM
When the AAA will be configured in the flexconnect groups, if I put the server on the branch as primary and another server a secondary, does all the 802.1x queries will goes to the branch server, even when the WAN is available?
For the APs that belong to given FlexConnect AP group, authentication request should go to server configure under FlexConnect group.
Refer below for details on FlexConnect design
HTH
Rasika
*** Pls rate all useful responses ***
07-05-2016 03:25 PM
It is unnatural to doubt you, but are you sure? :-)
When the WAN is available the access-point is no longer in standalone mode and the WLC should be used again. If you always want to use the settings configured within the FlexConnect group you also need to enable the "FlexConnect local authentication" option within the WLAN I thought?
07-04-2016 06:28 PM
If a FlexConnect is configured with both a backup RADIUS server and local authentication, the FlexConnect access point always attempts to authenticate clients using the primary backup RADIUS server first, followed by the secondary backup RADIUS server (if the primary is not reachable), and finally the FlexConnect access point itself (if the primary and secondary are not reachable).
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: