Tim, you are correct that for SSIDs with a foreign and anchor controller, all authentication is performed through the anchor. So, does the AAA piece need to be configured on the foreign controller? No. So, why configure AAA on the foreign WLC? In this case, it was already in there from a previous requirement. It doesn't hurt (in this case) to add it. And, there are several things which must be configured the same on both the anchor and the foreign WLCs (but not everything.) Would you be marked for having it or not having it? No.
Sorry for any confusion that that caused. Jason Boyers - CCIE #26024 (Wireless) Technical Instructor - IPexpert <mailto:[email protected]> [email protected] From: [email protected] [mailto:[email protected]] On Behalf Of Silverline,Tim Sent: Sunday, February 20, 2011 5:20 PM To: [email protected] Subject: [CCIE Wireless] Question on Lab 5.5 In Lab 5.5 part 2 - it asks to configure a Guest2 SSID using RADIUS auth against AD. In the solution guide it goes through the steps of configuring the RADIUS server details on both the local controller AND the anchor controller. Through some testing today it seems that the configuration on the local controller is not necessary. I was trying to do Local EAP-FAST authentication today and it occurred to me how silly it would be if you had to configure the users on every single controller in order for it to work properly so I just deleted the config from the local and left only on anchor and it still continued to authenticate successfully. Since all of the authentication is apparently handled by the anchor controller - and not at all by the local controller - what is the benefit of configuring it on the local controller as well? Am I missing something here? Thanks in advance for your feedback. Tim Silverline, CCIE #18490, CISSP World Wide Technology, Inc. Consulting Systems Engineer
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
