Hi Victor, The first paragraph is talking about the local database and the second paragraph is talking about local EAP. The key difference here is the local database is checked even if the Radius server doesn't have an entry for the users. With Local-EAP, if the Radius server responds (regardless if the user exists or not) then it is *never* checked.
Cheers, Leigh On 29 June 2011 23:15, Victor Platov (viplatov) <[email protected]> wrote: > Hi team,**** > > ** ** > > 4.2 configuration guide says:**** > > ** ** > > “The *controller passes client information to the RADIUS authentication > server first. If the client information does not match a RADIUS database > entry, the local user database is polled. Clients located in this database > are granted access to network services if the RADIUS authentication fails or > does not exist.*” (page 5-15).**** > > ** ** > > But below on page 5-23 we can read different info: **** > > ** ** > > “*If any RADIUS servers are configured on the controller, the controller > tries to authenticate the wireless clients using the RADIUS servers first. > Local EAP is attempted only if no RADIUS servers are found, either because > the RADIUS servers timed out or no RADIUS servers were configured**.*” > (page 5-23)**** > > ** ** > > I’ve tried it and found out that the second sentence is more accurate: if > Radius authentication returns Access-reject no other actions performed!*** > * > > ** ** > > What does that mean? **** > > That means we can not simultaneously use Local EAP authentication for > wireless clients and Authorize APs aganst AAA! For local EAP we should > uncheck “network user” from RADIUS configuration but for APs authorization > we should check it!**** > > ** ** > > ** ** > > ** ** > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com <http://www.platinumplacement.com/> > > -- CCIE Blog - http://leigh-cciewireless.blogspot.com/
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
