Cisco WLC does not switch to newly added Radius server

Date: 13.06.2018

Category: Enterprise Networks, Troubleshooting and FAQ, Wireless Technologies

Problem description

I came across one of customer’s problem with Cisco WLC wireless controller and 802.1x network. Radius service was driven by NPS (Microsoft Windows Radius). After setup of new NPS server customer configured the second Radius server on WLC swapping the radius server priority (on the first place under the WLAN Security -> Advanced tab he set newly created radius and on the second place the old one). However, devices were still presented with old server certificates causing connectivity issues.

Radius fallback mechanism

Above behaviour is well known. The problem is, the NAD (Network Access Device) in this case Cisco WLC will request from the last known Radius server till the communication fails. Then and only then WLC will fallback to alternate Radius even it is on the first place. How to force the WLC to take the newly configured Radius? Switch off the old one Radius by choosing “None” from drop down list and apply changes. Then choose this server again if you prefer to have two for redundancy purposes.

Cisco_WLC_Radius_Server

Hope this helps!

Tags:

Cisco WLC Radius problem, Radius fallback algorithm, WLC and NPS Server issue

Author

Marcin Bialy

Marcin Biały is Network and Security Architect with over 14 years of experience, with Service Provider and Enterprise networking background. He used to work for large service providers, global vendors and integration services companies as Network Architect, Leading Architect and Techincal Solution Manager positions. He designed, implemented and supported dozens large scale projects and infrastructure migrations, solved hundreds of tickets and spent hours with CLI and GUI of many flavors. Marcin is also holding industry recognizable certificates such as CCNP, CCNA, CCSI #35269, FCNSP #7207, FCNSA and more.