Problem with CISCO WIRELESS CONTROLLER and RADIUS Authentication

Matthew Newton mcn4 at
Thu Jul 4 14:29:52 CEST 2013


This isn't a FreeRADIUS issue, and shouldn't really be on this

However -

On Thu, Jul 04, 2013 at 09:12:40AM -0300, Gustavo Vieira Oliveira wrote:
> We have a Cisco Wireless Controller 5508 with Aironet 1041 APs.

We have the same, authenticating against FreeRADIUS.

> To make the AP authenticate with RADIUS we need to set the following
> command manually in the AP:
> - radius-server vsa send

That is odd, and I would guess that you have something not set up
correctly on the controller (I assume your APs are all lightweight
and correctly joined to the controller).

It all works fine here with no manual configuration of the APs at
all - they get all their config from the controller, as they
should do. The APs don't do any RADIUS themselves - it's all
handled from the controller. So I can't understand why they would
need to know anything about RADIUS attributes.

> The thing is, the APs can only authenticate if this command is
> issued in the AP by cli and we need that the Wireless Controller can
> pass this configuration to the APs, which it doesn't support. So,
> anyone know why is it necessary and if there is another alternative
> or workaround to make it work without it?

I would check that your WLANs are correctly configured with the
RADIUS servers in the controller. You shouldn't need to configure
the APs like this.

You're better off asking on another mailing list, though.


Matthew Newton, Ph.D. <mcn4 at>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at>

More information about the Freeradius-Users mailing list