Cisco Identity Services Engine 2.1 Technical Manual

Increase the server timeout if necessary (default is 2 seconds).
 2. Fallback configuration.
In a unified environment, once the server timeout is triggered, the WLC moves to the next
server configured on the WLAN. If no other server is available there, the WLC selects the next
one in the global servers list. When multiple servers are configured on the SSID (Primary,
Secondary, etc.), once failover occurs the WLC by default continues to send authentication
and/or accounting traffic permanently to the Secondary instance, even if the Primary server is
back online.
To mitigate this behavior, enable fallback. Navigate to Security > AAA > RADIUS >
Fallback.
Fallback is off by default, in which case the only way to recover from a server-down event is
admin intervention (globally bounce the server's admin status).
To enable fallback, you have two options:
Passive - In passive mode, if a server does not respond to the WLC authentication request,
the WLC moves the server to the inactive queue and sets a timer (the Interval in Sec option).
When the timer expires, the WLC moves the server back to the active queue irrespective of the
server's actual status. If the next authentication request results in a timeout event (which
means the server is still down), the server entry is moved to the inactive queue again and the
timer restarts. If the server responds successfully, it remains in the active queue.
Configurable values here go from 180 to 3600 seconds.
Active - In active mode, when a server does not respond to the WLC authentication request,
the WLC marks the server as dead, moves it to the non-active server pool and starts sending
probe messages periodically until that server responds. If the server responds, the WLC
moves the dead server back to the active pool and stops sending probe messages.
In this mode the WLC requires you to enter a username and a probe interval in seconds (180 to
3600).
Note: The WLC probe does not require a successful authentication. Either a successful or a
failed authentication is considered a server response, which is enough to promote the
server to the active queue.
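
The three fallback behaviors described above (off, passive, active), as a simplified Python model added here for illustration; it is not Cisco code. The two-server setup, the 60-second request spacing and the outage window are constructed assumptions.

```python
# Simplified model of the WLC RADIUS fallback modes (added example, not Cisco code).
# Assumptions: two servers, one auth request every REQ_EVERY seconds, and the
# primary unreachable during the half-open window [down_from, down_until).
REQ_EVERY = 60  # constructed request spacing, in seconds


def simulate(mode, interval, down_from, down_until, end):
    """Return (log, client_timeouts); log is a list of (time, answering server)."""
    if mode not in ("off", "passive", "active"):
        raise ValueError("mode must be off, passive or active")
    if mode != "off" and not 180 <= interval <= 3600:
        raise ValueError("interval must be 180 to 3600 seconds")

    def primary_up(t):
        return not (down_from <= t < down_until)

    primary_active = True  # is the primary in the active queue?
    next_check = None      # passive: timer expiry; active: next probe time
    log, client_timeouts = [], 0

    for t in range(0, end, REQ_EVERY):
        # Process timer expiries / probes that fall due before this request.
        while not primary_active and next_check is not None and next_check <= t:
            if mode == "passive" or primary_up(next_check):
                # passive: promoted blindly; active: the probe got a response
                primary_active, next_check = True, None
            else:
                next_check += interval  # active: still dead, probe again later
        if primary_active and not primary_up(t):
            # A real client request times out, then fails over to the secondary.
            client_timeouts += 1
            primary_active = False
            next_check = None if mode == "off" else t + interval
        log.append((t, "primary" if primary_active else "secondary"))
    return log, client_timeouts


def first_recovery(log, after):
    """First request time later than `after` that the primary answered."""
    return next((t for t, srv in log if t > after and srv == "primary"), None)


if __name__ == "__main__":
    for mode in ("off", "passive", "active"):
        log, timeouts = simulate(mode, 180, 120, 600, 1200)
        print(mode, "client timeouts:", timeouts,
              "primary back at:", first_recovery(log, 120))
```

In this model, passive mode retests the primary with live authentication requests, so each retry during the outage costs a client-facing timeout, while active mode spends only probe messages.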
Configure the Guest’s Service Set Identifier (SSID)
 Navigate to the WLANs tab and, under the Create New option, click Go:
Enter Profile Name and SSID name. Click Apply.
Under the General tab, select the Interface or Interface Group to be used (Guest VLAN).
Under Security > Layer 2 > Layer 2 Security, select None and enable the MAC Filtering
checkbox.
Under the AAA Servers tab, set Authentication and Accounting servers to enabled and select
your primary and secondary servers.
Interim Update: This is an optional configuration that does not add any benefits to this flow. If
you prefer to enable it, the WLC should run 8.x or higher code: