Route to external Radius Server on C35


Userlevel 2
Hello,

I have a little challenge with my new C35 IdentiFi Wireless Controller and RADIUS authentication, as follows:

I set up different topologies tagged with VLANs (VLAN 10, VLAN 99) and want to authenticate users on the wireless network that is bound to VLAN 10 via 802.1x. So far no problem, but the RADIUS server is situated in a different VLAN reachable via the default gateway of VLAN 99.

I tried to insert a static route, but that didn't work out (invalid gateway IP address). Do I have to take care of anything special when trying to enter a static route?

Is there any way to get that solved, or do I have to set up IP forwarding on our switches (which our client, I suppose, doesn't really want to see because of security issues)?

Any ideas would be appreciated!

Peter

7 replies

Userlevel 3
The gateway has to be in a network of one of the configured layer 3 interfaces of your controller topologies. It should not be in the network of the admin topology. You also should not set a default gateway entry in the admin topology.

The wireless stations don't need a direct connection to your RADIUS server.

Kind regards
Christoph
Userlevel 2
Thanks for the info!

Hm, the problem is that my RADIUS is definitely in another network - so would it be a solution to configure a topology with the L3 settings in that network? If yes, I have the same problem as before - where to set the gateway for reaching the RADIUS?

I don't use the Admin interface at all, as I have my management net set up as a topology because the APs get their IP addresses out of that topology.

What are the valid route IP addresses that can be set in Routes? When I try to set up any gateway that is present in my topology nets, I get the message "invalid gateway ip address".

Regards
Peter
Userlevel 3
Sorry, I forgot to mention that routes are only valid for physical topologies.
Userlevel 7
Could you please post a screenshot of controller GUI > Controller > Network > Topologies?
Also please tell me the RADIUS IP.

-Ron
Userlevel 2
Name                    Mode   L2:VlanId,tagged,port   L3:IP,GW,DHCP                      L3:IPv6,Auto-Generated
Admin                   admin  N/A,N/A,Admin           172.16.0.21,172.16.0.254,N/A       N/A,
Bridged at AP untagged  b@ap   4094,disable,N/A
SenBNoWLAN              b@ac   2769,enable,lag1        172.27.69.249,none,none
VoiceSenBNo             b@ap   2761,enable,N/A
SenBNoGast              b@ac   62,enable,lag1          10.62.0.21,10.62.0.254,local
SenBNoBewo              b@ac   61,enable,lag1          10.61.0.21,10.61.255.254,local
Voice                   b@ac   2761,disable,esa0       172.27.61.21,none,relay
SenBNoMgmt              b@ac   2768,enable,lag1        172.27.68.21,172.27.68.254,local

The IP address of our RADIUS is 172.17.71.7, reachable via 172.27.68.254.

BR
Peter
Userlevel 7
That isn't working as the topology of the SenBNoMgmt is bridge@ac.
You should always use at least one "physical" topology so you'd use it to route traffic.

I can't remember if that will work, so you'd need to give it a try ... add another bridge@ac topology tagged 99 with an IP in the RADIUS subnet, i.e. 172.17.71.99, and check whether the controller could communicate with the RADIUS.

-Ron
Userlevel 2
Hi,

At last, the tip with the physical topology did solve the problem - I changed the topology and after that I was able to enter a static route to the RADIUS.

Now everything is working fine!

Thanks for the help, everyone 😉

BR
Peter
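
The gateway rules stated in the replies above, modeled as a small pre-check (an added example, not part of the thread and not the controller's own validation logic). The prefix lengths and the "physical" mode label are assumptions, since the posted listing shows neither.

```python
import ipaddress

# Constructed from the topology listing posted in the thread. The listing has no
# netmasks, so every prefix length here is an assumption for illustration.
TOPOLOGIES = [
    {"name": "Admin",      "mode": "admin", "ip": "172.16.0.21/24"},
    {"name": "SenBNoGast", "mode": "b@ac",  "ip": "10.62.0.21/24"},
    {"name": "SenBNoBewo", "mode": "b@ac",  "ip": "10.61.0.21/16"},
    {"name": "SenBNoMgmt", "mode": "b@ac",  "ip": "172.27.68.21/24"},
]

def check_gateway(gateway, topologies):
    """Apply the rules given in the replies; return (accepted, reason)."""
    gw = ipaddress.ip_address(gateway)
    on_link = None
    for topo in topologies:
        # The gateway must sit inside the network of a configured L3 interface.
        if gw in ipaddress.ip_interface(topo["ip"]).network:
            on_link = topo
            break
    if on_link is None:
        return False, "gateway is not in the network of any L3 interface"
    if on_link["mode"] == "admin":
        return False, "gateway is in the admin topology network"
    # "physical" is an assumed label for the mode the replies call physical.
    if on_link["mode"] != "physical":
        return False, f"{on_link['name']} is {on_link['mode']}, not physical"
    return True, f"gateway {gateway} is on-link via {on_link['name']}"

def with_mode(topologies, name, mode):
    """Return a copy of the list with one topology's mode replaced."""
    return [dict(t, mode=mode) if t["name"] == name else dict(t) for t in topologies]

if __name__ == "__main__":
    gw = "172.27.68.254"  # next hop towards the RADIUS server, from the thread
    print(check_gateway(gw, TOPOLOGIES))
    # Assumption: SenBNoMgmt is the topology that gets changed to physical.
    print(check_gateway(gw, with_mode(TOPOLOGIES, "SenBNoMgmt", "physical")))
```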
