Occasional Contributor II

Multiple radius source ports on controller

Is it possible to configure the controller to use multiple RADIUS source ports when originating RADIUS requests? From my packet captures, 6.5 controllers originate all RADIUS traffic from a single port.

This would mitigate the potential for sequence number exhaustion and also allow further load balancing in our RADIUS infrastructure.

Re: Multiple radius source ports on controller

Are you referring to the source port of the RADIUS request or the source IP of the RADIUS request?

You can specify the port to which the WLC sends (Auth Port/Acct Port/Radsec Port) within the Configuration > Security > Authentication > Servers properties. This is a per-authentication-server property.


You can also specify a NAS IP within this same location as well.


NOTE: If you define a local NAS IP using the Configuration > Security >
Authentication > Servers page and also define a global NAS IP using the
Configuration > Security > Authentication > Advanced page, the global
NAS IP address takes precedence.


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Occasional Contributor II

Re: Multiple radius source ports on controller

I mean the source UDP port of the RADIUS request. It seems to be randomly generated but is only a single value per RADIUS server. Can it be made to use more, e.g. one source port per AP?

Re: Multiple radius source ports on controller

You cannot change the randomly generated source port (most protocols randomize the source port); you can only change the destination port. I believe it all relates to http://tools.ietf.org/html/rfc6335


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
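
The exhaustion concern raised in this thread maps to the one-octet Identifier field in the RADIUS header (RFC 2865): a single client IP and source UDP port can have at most 256 requests outstanding to a given server. The following is an added example, not code from the thread or from the vendor, that measures peak in-flight identifiers per source port from capture data; the addresses, ports and packets are constructed, and only Access-Request traffic is tracked.

```python
import struct
from collections import defaultdict

ACCESS_REQUEST = 1
REPLIES = {2, 3, 11}   # Access-Accept, Access-Reject, Access-Challenge
ID_SPACE = 256         # Identifier is a single octet (RFC 2865)

def radius_header(payload):
    """Return (code, identifier) after validating the 20-byte RADIUS header."""
    if len(payload) < 20:
        raise ValueError("short RADIUS packet")
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if not 20 <= length <= len(payload):
        raise ValueError("bad RADIUS length field")
    return code, ident

def peak_outstanding(packets):
    """packets: (src_ip, src_port, dst_ip, dst_port, udp_payload) in capture order.
    Returns {(client_ip, client_port, server_ip, server_port): peak IDs in flight}."""
    pending, peak = defaultdict(set), defaultdict(int)
    for src, sport, dst, dport, payload in packets:
        code, ident = radius_header(payload)
        if code == ACCESS_REQUEST:
            flow = (src, sport, dst, dport)
            pending[flow].add(ident)          # a retransmit reuses its ID
            peak[flow] = max(peak[flow], len(pending[flow]))
        elif code in REPLIES:
            pending[(dst, dport, src, sport)].discard(ident)
    return dict(peak)

def make_packet(code, ident):
    """Constructed sample packet: header, zeroed authenticator, no attributes."""
    return struct.pack("!BBH", code, ident, 20) + bytes(16)

def sample_capture():
    """Constructed traffic: one stalled flow and one that is answered promptly."""
    nas, srv = "192.0.2.10", "192.0.2.20"
    pkts = [(nas, 40001, srv, 1812, make_packet(1, i % 256)) for i in range(300)]
    for i in range(10):
        pkts.append((nas, 40002, srv, 1812, make_packet(1, i)))
        pkts.append((srv, 1812, nas, 40002, make_packet(2, i)))
    return pkts

if __name__ == "__main__":
    for flow, n in peak_outstanding(sample_capture()).items():
        state = "ID space exhausted" if n >= ID_SPACE else "ok"
        print(flow, n, state)
```

A flow whose peak stays well below 256 during busy periods is not close to identifier exhaustion on its single source port.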