WLC-Best Practices-ISE Radius

ISE RADIUS https://wlc.mmki.co.id/bp/helpfiles/r-ise-radius.html

ISE RADIUS
RADIUS Server Timeout
Description—RADIUS authentication and accounting servers should have 5 seconds as the minimum value for server timeout
to prevent client join timeout issues from the ISE RADIUS server.
Status:
Compliant—All the enabled RADIUS authentication and accounting server timeouts are greater than or equal to 5 seconds.
Non-Compliant—At least one enabled RADIUS authentication or accounting server timeout is less than 5 seconds.
CLI Option—Set the timeout for RADIUS authentication and accounting servers by entering these commands:
(Cisco Controller) >config radius auth retransmit-timeout RADIUS-Server-ID timeout-in-seconds
(Cisco Controller) >config radius acct retransmit-timeout RADIUS-Server-ID timeout-in-seconds

WLAN ISE Configuration


Description—Identifies whether the WLAN is configured with the recommended configuration for a Cisco ISE RADIUS server.
Status:
Compliant—At least one WLAN in enabled state has the entire ISE configuration set.
Non-Compliant—None of the WLANs in enabled state has the entire ISE configuration set.
CLI Option—Multiple features have to be configured by entering these commands:
Security
Enable interim update in AAA server:
(Cisco Controller) >config wlan radius_server acct interim-update enable wlan-id
Set interim interval in AAA server to 0 seconds:
(Cisco Controller) >config wlan radius_server acct interim-update 0 wlan-id
Advanced
Enable client exclusion:
(Cisco Controller) >config wlan exclusionlist wlan-id enabled
Set session timeout to 7200 seconds:
(Cisco Controller) >config wlan session-timeout wlan-id 7200
Set client exclusion list timeout to 180 seconds:
(Cisco Controller) >config wlan exclusionlist wlan-id 180
Set the user idle timeout to 3600 seconds:
(Cisco Controller) >config wlan usertimeout 3600 wlan-id

RADIUS Aggressive Failover


Description—The RADIUS aggressive failover should be disabled to get optimum performance for client authentication on a
Cisco ISE server.
Status:
Compliant—The RADIUS aggressive failover is disabled.
Non-Compliant—The RADIUS aggressive failover is enabled.
CLI Option—Disable aggressive failover for RADIUS by entering this command:
(Cisco Controller) >config radius aggressive-failover disable
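
The three compliance rules on this page, expressed as an offline check over an exported controller inventory. This is an added example, not Cisco's code; the dictionary layout and field names are assumptions and do not mirror any WLC command output.

```python
MIN_RADIUS_TIMEOUT = 5  # seconds, from "RADIUS Server Timeout"
# Recommended per-WLAN values from "WLAN ISE Configuration".
ISE_WLAN_BASELINE = {
    "acct_interim_update": True, "acct_interim_interval": 0,
    "client_exclusion": True, "exclusion_timeout": 180,
    "session_timeout": 7200, "user_idle_timeout": 3600,
}

def short_timeout_servers(servers):
    """(kind, id, timeout) of each enabled server below the 5 s minimum."""
    return [(s["kind"], s["id"], s["timeout"]) for s in servers
            if s["enabled"] and s["timeout"] < MIN_RADIUS_TIMEOUT]

def wlan_deviations(wlan):
    """{setting: (actual, recommended)} for every value off the baseline."""
    return {k: (wlan.get(k), v) for k, v in ISE_WLAN_BASELINE.items()
            if wlan.get(k) != v}

def audit(config):
    """Evaluate the three checks; True means Compliant."""
    enabled = [w for w in config["wlans"] if w["enabled"]]
    return {
        # Disabled servers are ignored: the status text covers enabled ones only.
        "radius_server_timeout": not short_timeout_servers(config["radius_servers"]),
        # One fully configured enabled WLAN is enough for Compliant.
        "wlan_ise_configuration": any(not wlan_deviations(w) for w in enabled),
        "radius_aggressive_failover": not config["aggressive_failover"],
    }

# Constructed sample inventory; field names are hypothetical, not WLC output.
SAMPLE = {
    "aggressive_failover": True,
    "radius_servers": [
        {"kind": "auth", "id": 1, "enabled": True, "timeout": 5},
        {"kind": "acct", "id": 1, "enabled": True, "timeout": 2},
        {"kind": "auth", "id": 2, "enabled": False, "timeout": 2},
    ],
    "wlans": [
        {"id": 1, "enabled": True, **ISE_WLAN_BASELINE, "session_timeout": 1800},
        {"id": 2, "enabled": True, **ISE_WLAN_BASELINE},
        {"id": 3, "enabled": False, **ISE_WLAN_BASELINE},
    ],
}

if __name__ == "__main__":
    for check, ok in audit(SAMPLE).items():
        print(f"{check}: {'Compliant' if ok else 'Non-Compliant'}")
    print("short timeouts:", short_timeout_servers(SAMPLE["radius_servers"]))
    for w in SAMPLE["wlans"]:
        print("WLAN", w["id"], "deviations:", wlan_deviations(w))
```

The per-WLAN deviation report shows which of the six settings keeps a given WLAN from matching the baseline, which the single Compliant/Non-Compliant status does not.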
