Description:
If a WLC operates access points with SSIDs that enable continued operations even without the WLC (standalone mode), then a temporary failure of the WLC does not present a problem.
However, if an SSID operates the RADIUS service of the WLC by means of either 802.1x or MAC filtering, then the failure of the WLC will cause a failure of the network because login is no longer possible.
This document describes the necessary configuration steps to backup the WLC's own RADIUS by operating the RADIUS service from one of the access points managed by the WLC. In this case, RADIUS refers to the Stations table.
Requirements:
Procedure:
1) Configuration steps on the LANCOM WLC:
1.1) On the WLC, enable the RADIUS service in the menu Configuration-> RADIUS server -> General.
1.2) On the WLC, enable the standalone mode and MAC checking for the logical wireless LAN network. All access points using this profile use the WLC as a RADIUS server.
1.3) In the Stations table, create entries for each MAC address (with an individual password per client (LEPS)).
1.4) In the menu Configuration -> WLAN controller -> Profiles -> RADIUS profiles, inform the access points via the WLC about the backup RADIUS.
- The default entry specifies that the WLC (0.0.0.0) itself is the RADIUS.
- The backup entry specifies the IP and password to use the AP backup RADIUS.
- The password authenticates the access point to the RADIUS.
2) Configuration steps on the access point:
2.1) On the access point, which is to be used as a RADIUS backup (AP-B-R), enable the RADIUS service in the menu Configuration -> RADIUS server -> General.
2.2) Allow the access points to access the RADIUS. Enter the access points that are to be able to access the RADIUS into the table Configuration -> RADIUS server -> General-> Clients.
2.3) In the Stations table here too, create entries for each MAC address (with an individual password per client (LEPS)). The maintenance of this table must be carried out on both devices, but this can be automated with timed scripts.
The other items in this menu remain unchanged.
Information:
If the WLC is also a DHCP server, a corresponding backup must be configured for this service as well.
|
|
