Part of the IPX1 configuration states: "Ensure that users won't be able to use RADIUS for authentication"
The DSG shows this is accomplished by simply not selecting RADIUS servers under the AAA policy within the IPX1 WLAN. Just wanted to point out that this is not actually a valid method of ensuring RADIUS is not used on Cisco's controllers.

Something that has been frustrating to me about WLCs for quite some time - even if no RADIUS servers are selected within a particular WLAN - the controller will still attempt to authenticate to a RADIUS server from the authentication servers listed under the security tab. The only way to actually prevent this is by removing every single RADIUS server from the controller, thereby disabling RADIUS authentication entirely. I do not believe this has been fixed even in the latest versions of code (though I have not tested on 7.x and later).

Tim Silverline, CCIE #18490, CISSP
World Wide Technology, Inc.
Consulting Systems Engineer
Mobile: 415.596.2160
E-mail: [email protected]
