So, I've spent the last few hours digging in the MM/WLC GUI and CLI along with the 1400 page CLI guide and Configuration guide trying to peel the onion of RADIUS. 4 authentication servers were set up for the initial build. I am trying to migrate to the last 2 and remove the first 2. I began by trying to delete one of the first auth servers. It is removed from the Server Groups but I cannot delete it from All Servers because it "is in use". I took the IP out of the Server Options and I am still in the same place. I can't seem to get rid of this first server, but I don't think it is authenticating any hosts.
What are some commands to determine what server a host is using for authentication? In the connected WLC, I am using *show user authentication-method dot1x* to get the MAC of a host, then *show auth-tracebuf mac xx:xx:xx:xx:xx:xx* and I see the name of one of the old servers. The other way would be check the log for that host.
As you can imagine, this is much more involved than that. I am currently looking for commands and ideas to clear the mud. Then, I will try to get a host to authenticate with one of the two "new" servers. I moved them up in the "ISE" server group, but it looks like the old server is still authenticating hosts as it is the third authentication server in the group.
------------------------------
Kirk Christensen
------------------------------