Wireless Access

Is it possible to configure the controller to use multiple radius source ports when originating radius requests. From my packet captures 6.5 controllers originate all radius traffic from a single port.

This would mitigate the potential for sequence number exhaustion and also to allow further load balancing in our radius infrastructure.

Are you referring to the source port of the RADIUS request or the source IP of the RADIUS request?

You can specify the port as to which the WLC sends the Auth Port/Acct Port/Radsec Port within the Configuration > Security > Authentication > Servers properties. This is a per authentication server properties.

You can also specify a NAS IP within this same location as well.

NOTE: If you define a local NAS IP using the Configuration > Security >
Authentication > Servers page and also define a global NAS IP using the
Configuration > Security > Authentication > Advanced page, the global
NAS IP address takes precedence.

I mean the source UDP port of the radius request. It seems to be randomly generated but is only a single value per radius server. Can it be made to use more, e.g. one source port per AP?

You cannot change the randomly generated source port (most protocols randomize the source port) you can only change the destination port. I believe it all relates to http://tools.ietf.org/html/rfc6335