Glad it was helpful to you :). That had bothered me as well, so you're not
alone.

Jason Boyers - CCIE #26024 (Wireless)
Technical Instructor - IPexpert
[email protected]
Office:   +1 (810) 326-1444

For *Free* CCIE Training, please visit:   http://bit.ly/vLecture
For Technical Support, please E-Mail:   [email protected]
For Live Assistance, please visit:   www.ipexpert.com/chat
Community: http://www.ipexpert.com/communities
eFax:   +1 (810) 454-0130

IPexpert is the Global leader in training for the Cisco CCIE lab exam,
having helped over 1,600 students earn their CCIE.  We are the premier
provider of Classroom Training, Self-Study Workbooks, Video on Demand, Audio
Tools, and Online Hardware Rental for CCIE Routing & Switching, Voice,
Security, Service Provider, and Wireless education with locations throughout
the United States, Europe, and Australia.  Please visit us at:
www.ipexpert.com/communities along with our sister companies:
www.proctorlabs.com  www.platinumsolutionsgroup.com and
www.platinumplacementservices.com

On Feb 17, 2011, at 3:30 AM, "Silverline,Tim" <[email protected]>
wrote:

Thanks Dominic.  I sent a follow-up email shortly after this pointing out my
oversight as I read the final solution.



I was very quick to react (in poor judgment apparently) since this specific
issue has bothered and puzzled me for quite some time.  In fact I brought it
up in a CCIE wireless bootcamp I recently attended (I won’t name the vendor
because the class was a large disappointment) and many other locations
including several Cisco wireless sessions and was never once provided this
guidance.



I am very grateful to have learned this new detail and happy that Jason
included it in this workbook.



Tim



*From:* Stalder Dominic [mailto:[email protected]]
*Sent:* Wednesday, February 16, 2011 11:14 PM
*To:* Silverline,Tim; [email protected]
*Subject:* Re: [CCIE Wireless] LAB 4.6 Observation



Hi Tim

You are absolutely right concerning the fact that the WLC uses RADIUS if a
server is configured globally, even if it is not specified under security in
the WLAN profile. But the solution for IPX1 is correct in the DSG, because
of this statement:

“To ensure that users on IPX1 are not authenticated via RADIUS, *make sure
that the “Network” (User) box is unchecked for the RADIUS server*”

You don’t need to completely disable the RADIUS server; you can just disable
the user authentication, so you are still able to authenticate management
users, as an example. See attached screenshot.

Regards
Dominic

------------------------------

*From: *"Silverline,Tim" <[email protected]>
*Date: *Wed, 16 Feb 2011 23:49:12 -0600
*To: *"[email protected]" <[email protected]>
*Subject: *[CCIE Wireless] LAB 4.6 Observation

Part of the IPX1 configuration states:  “Ensure that users won’t be able to
use RADIUS for authentication”

The DSG shows this is accomplished by simply not selecting RADIUS servers
under the AAA policy within the IPX1 WLAN.

Just wanted to point out that this is not actually a valid method of
ensuring RADIUS is not used on Cisco’s controllers.

Something that has been frustrating to me about WLCs for quite some time –
even if no RADIUS servers are selected within a particular WLAN – the
controller will still attempt to authenticate to a RADIUS server from the
authentication servers listed under the security tab.

The only way to actually prevent this is by removing every single RADIUS
server from the controller thereby disabling RADIUS authentication entirely.

I do not believe this has been fixed even in the latest versions of code
(though I have not tested on 7.x and later).


------------------------------

_______________________________________________
For more information regarding industry leading CCIE Lab training, please
visit www.ipexpert.com

