WLC - radius down, possible to have auth none as secondary?

c.s
Level 1

Let's say I have a 5508 WLC and have configured a WLAN with web-auth and RADIUS authentication.

The one and only configured RADIUS server goes offline. In the event this should happen, is it possible to allow clients to connect anyway? Auth none as secondary?

Appreciate any thoughts

2 Accepted Solutions

George Stefanick
VIP Alumni

Chris,

No, unfortunately not. Once you select 802.1X (RADIUS) you are bound to that security type. The controller will not allow NON EAP traffic on that WLAN unless it gets an EAP SUCCESS frame. The EAP success frame from the RADIUS is sent to the WLC and it tells the WLC to open the controlled port to allow traffic to pass.

Top of my head alternatives:

You might consider another SSID with the same name with OPEN security. Manually enable after failure of the RADIUS server.

Create the user accounts on the WLC and allow the WLC to act as your RADIUS server. If you have a large environment, this may not be realistic.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________


Saravanan Lakshmanan
Cisco Employee

#webauth and radius use pap/chap/md-5, however conditional and splash page web redirect use dot1x.

#You can fallback between Local/Radius/LDAP for webauth based on priority order for web-auth user

In your case you can set webauth priority as Radius, Local.
