Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
16517
Views
20
Helpful
16
Replies

WLC "radius server overwrite interface" setting

Go to solution
andrewswanson
Level 7
Level 7

‎01-22-2014 02:14 AM - edited ‎07-05-2021 12:01 AM

Hello


I'm looking at using "radius server overwrite interface" on a WLAN as a replacement for Called-Station-ID for Radius to match on SSID.

When I enable "radius server overwrite interface" on a WLAN and join a client to the SSID I can see (via packet capture) that the WLC is correctly sourcing the Radius packets with the WLAN's "dynamic" interface IP Address. The problem is that the Radius server doesn't repond to these requests. Radius is configured with rules to match the new IP address but I see nothing (pass or fail) in the logs.

Interestingly, the packet captures shows the correct NAS IP address (the WLAN interface IP Address) but always shows the WLC hostname as NAS-ID (regardless of NAS-ID settings on the WLAN or WLAN interface)

I've tried WLC software 7.4.110.0, 7.4.121.0 and 7.6.100.0 with the same results but Radius never responds. Radius is Cisco ACS 5.5.0.46. Any ideas as to why this is happening?

Thanks
Andy

1 person had this problem
Labels:
0 Helpful
16 Replies 16

Go to solution
andrewswanson
Level 7
Level 7
In response to Scott Fella

‎01-30-2014 02:11 AM

The solution for this was embarassingly simple. The packet captures for when Radius Server Interface Overwrite was enabled correctly showed the Radius packets with the correct source IP (the WLAN dynamic Interface). On the SVI for this interface, there was a very strict ACL which was dropping the Radius traffic. Once the ACL was amended to allow the Radius traffic, authentication worked perfectly. In ACS I can see the passed authentication logged  with the NAS IP address listed correctly as the WLAN dynamic Interface IP Address.

I reallly should have checked this before posting - my apologies and thanks for your help.

Cheers

andy

0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to andrewswanson

‎01-30-2014 05:42 AM

Not a problem. At least you found that ACL!

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card