WLAN / Radius – LDAP and Local EAP Authentication

At this moment I’m struggling with the priorities of the Authentication at the WLAN.

I configured at the WLAN only Local EAP authentication and this is working.
It’s also the same with only a Radius and only a LDAP server.

When I configured Local EAP Authentication and the Radius server, the authentication is the Radius server.
This seems normal behaviour.
But when I set the Radius server to None and the Local EAP Authentication is still on, the Radius is still seen as the authentication server. I guess this is not normal.

I can only change this by disabling the Radius server and then test the WLAN again…

About Joost van der Made


4 responses to “WLAN / Radius – LDAP and Local EAP Authentication”

  1. Jason Boyers says :

    This is the normal behavior on the WLC. If the RADIUS server is set to none under the AAA settings for the WLAN, it will use the configured RADIUS servers on the WLC in order of the Server Index. If you want to use Local EAP for one WLAN, as well as an external RADIUS server for another, you need to configure a bogus RADIUS server (preferably with a high Server Index – say 17). Then, in the Local EAP WLAN, select the bogus SSID. Authentication requests will try that RADIUS server at first, but because it is not a real RADIUS server, it won’t respond. The WLC will fail over to Local EAP in that case.

  2. Brendon says :

    Workaround is to uncheck the “network user” from the RADIUS server page. It means the WLAN will not be able to use those RADIUS servers configured unless they are selected under wlan/security.

    Hence you can use local LDAP since RADIUS servers for “network user” are globally disabled. Other WLANs must choose RADIUS servers from wlan/security in order to continue providing RADIUS authentication.

    One problem with unchecking “network user” is if you are using authorisation AP using AAA. It seems “network user” must be checked to authenticate those APs.

  3. sascha says :

    Yes, it is right.
    If a radius server is configured for wlan user/client authentication -> local radius authentication is not possible anymore
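
A small model of the server selection described in the post and comments above, useful for auditing which WLANs would still reach a RADIUS server before Local EAP. It is an added example, not part of the original post or of Cisco's software; the class names, field names and sample addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class RadiusServer:
    index: int                  # Server Index on the WLC
    address: str
    network_user: bool = True   # "Network User" box on the RADIUS server page
    enabled: bool = True

@dataclass
class Wlan:
    ssid: str
    radius_indexes: list = field(default_factory=list)  # empty list = "None" selected
    local_eap: bool = False

def effective_auth_order(wlan, servers):
    """Authenticators a WLAN would try, in order, under the modelled rules."""
    live = {s.index: s for s in servers if s.enabled}
    if wlan.radius_indexes:
        chain = [live[i] for i in wlan.radius_indexes if i in live]
    else:
        # No server picked on the WLAN: global Network User servers, by Server Index.
        chain = sorted((s for s in live.values() if s.network_user),
                       key=lambda s: s.index)
    order = [f"radius:{s.index}:{s.address}" for s in chain]
    if wlan.local_eap:
        order.append("local-eap")   # only reached when the RADIUS entries do not answer
    return order

def audit(wlans, servers):
    """WLANs meant for Local EAP that would still hit a global RADIUS server first."""
    return [(w.ssid, effective_auth_order(w, servers)) for w in wlans
            if w.local_eap and not w.radius_indexes
            and effective_auth_order(w, servers)[0] != "local-eap"]

# Constructed sample inventory (documentation addresses, not from the post).
SERVERS = [RadiusServer(1, "192.0.2.10"),
           RadiusServer(17, "192.0.2.17", network_user=False)]  # 17 = unanswering placeholder
WLANS = [Wlan("corp", [1]),
         Wlan("lab-none", [], local_eap=True),     # the situation in the post
         Wlan("lab-bogus", [17], local_eap=True)]  # first comment's workaround

if __name__ == "__main__":
    for ssid, order in audit(WLANS, SERVERS):
        print(f"{ssid}: Local EAP enabled but tried order is {order}")
```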
