Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

cp-redirect-address and 'aaa authentication-server internal use-local-switch' together

  • 1.  cp-redirect-address and 'aaa authentication-server internal use-local-switch' together

    EMPLOYEE
    Posted Jul 15, 2013 11:11 AM

    Hi,

     

    I have a master-local setup and due to 'enforce machine auth' on the corporate connections, I'd like to enable
     'aaa authentication-server internal use-local-switch' in case of the master failing or becoming unavailable.

     

    The APs will be split across both controllers which are co-located with same vlans and subnets etc.

     

    If I have cp-redirect-address to point to controller A, what happens to guests terminating on controller B?  Will they bring up the captive portal on controller A, but still use the internal db on controller B?

     

    Are these two commands mutually exclusive?

     

    Thanks



  • 2.  RE: cp-redirect-address and 'aaa authentication-server internal use-local-switch' together
    Best Answer

    EMPLOYEE
    Posted Jul 15, 2013 11:18 AM

    Mutually exclusive.



  • 3.  RE: cp-redirect-address and 'aaa authentication-server internal use-local-switch' together

    EMPLOYEE
    Posted Jul 15, 2013 11:37 AM

    Thought so.  Thanks for confirming.

     

    So if I put all the APs on one controller, I could have the  'aaa authentication-server use-local-switch' enabled.  Guest usage is limited, so in the event of a failure, they'll just have to create another account.  Without a master backup, my main concern is a seamless failover for machine auth clients.

     

    Thanks again Colin.



  • 4.  RE: cp-redirect-address and 'aaa authentication-server internal use-local-switch' together

    Posted Jul 15, 2013 03:12 PM

    They have to back up the db from master and upload it on local.



  • 5.  RE: cp-redirect-address and 'aaa authentication-server internal use-local-switch' together

    EMPLOYEE
    Posted Jul 15, 2013 10:54 PM

    @Michael_Clarke wrote:

    Thought so.  Thanks for confirming.

     

    So if I put all the APs on one controller, I could have the  'aaa authentication-server use-local-switch' enabled.  Guest usage is limited, so in the event of a failure, they'll just have to create another account.  Without a master backup, my main concern is a seamless failover for machine auth clients.

     

    Thanks again Colin.


    If you are enforcing machine authentication on that local controller, upon failover, they would have to pass machine authentication once again.  That is because the record of passing machine authentication would be lost on the down controller.