I came across a customer's problem with a Cisco WLC wireless controller and an 802.1X network. The RADIUS service was provided by NPS (Microsoft Windows RADIUS). After setting up a new NPS server, the customer configured it as the second RADIUS server on the WLC and swapped the RADIUS server priority (under the WLAN Security -> Advanced tab he put the newly created RADIUS server in first place and the old one in second place). However, devices were still presented with the old server's certificates, causing connectivity issues.
The above behaviour is well known. The problem is that the NAD (Network Access Device), in this case the Cisco WLC, keeps sending requests to the last known RADIUS server until communication with it fails. Then, and only then, will the WLC fall back to the alternate RADIUS server, even if that server is in first place. How do you force the WLC to use the newly configured RADIUS server? Switch off the old RADIUS server by choosing “None” from the drop-down list and apply the changes. Then choose this server again if you prefer to have two for redundancy purposes.
Hope this helps!