Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Not able to configure the fail through in server group

  • 1.  Not able to configure the fail through in server group

    Posted Jan 28, 2015 02:57 AM

     

    We have configured a server group containing an LDAP server and the internal database for authenticating users. We are not able to configure fail through for this group, and it is giving the error:

    "Failthrough cant happen for dot1x without termination"

     

    Because of this, users are getting checked against only the internal database and authentication is failing. How do we enable fail through in this case?



  • 2.  RE: Not able to configure the fail through in server group

    EMPLOYEE
    Posted Jan 28, 2015 03:17 AM

    Fail through works best if you are just using captive portal for authentication.  If you are using 802.1x, you need to (1) enable termination and (2) upload a server certificate that your users trust to the controller.  It could be quite a bit of work just to achieve failthrough between LDAP and the internal database.

     

    Are you doing 802.1x?

     



  • 3.  RE: Not able to configure the fail through in server group

    Posted Jan 29, 2015 10:26 AM

    Hi Mr. Colin Joseph,

     

     

    We are doing captive portal authentication for employees and guests. They will get only internet access on the wireless network. Employee authentication is against the LDAP server and guest user authentication is against the internal database.

     

    When we were testing, the LDAP server was not reachable. After the LDAP server came live, proper authentication is happening for the users. But we haven't enabled fail through for the server group. So how is the controller checking with the next auth server and giving the result?

     

    Is it not mandatory to enable that option?

     

    Thanks,

    Tamil.



  • 4.  RE: Not able to configure the fail through in server group

    EMPLOYEE
    Posted Jan 29, 2015 10:40 AM

    Tamil,

     

    The error message that you have is when a server group is assigned to a AAA profile.

     

    You want to check your server group in your Captive Portal authentication profile to see if it is assigned to a AAA profile by going to Configuration> Security> Authentication> L3 Authentication> Captive Portal Authentication Profile.  Find the Captive Portal Authentication Profile that is yours and click on the server group attached to it.  Click on "show references" to see where your server group is used.  Alternatively, you can just create another server group and add the internal database and the LDAP server to that group and assign it to the Captive Portal Authentication Profile.

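The alternative described in the last reply (a separate server group used only by the captive portal profile), sketched as ArubaOS CLI configuration. This is an added example, not part of the original thread: the group name `cp-srvgrp`, the profile name `cp-profile` and the LDAP server name `ldap1` are hypothetical, and it assumes the LDAP server is already defined on the controller.

```text
! Added example; names cp-srvgrp, cp-profile and ldap1 are hypothetical.
! Dedicated server group that is NOT referenced by any AAA profile's
! 802.1X settings, so fail-through can be enabled without termination.
aaa server-group "cp-srvgrp"
  ! Servers are tried in the order listed.
  auth-server ldap1
  auth-server Internal
  ! Without this line the controller moves to the next server only when
  ! a server does not respond; with it, a reject from ldap1 is also
  ! followed by a lookup in the internal database.
  allow-fail-through
!
! Attach the new group to the captive portal authentication profile.
aaa authentication captive-portal "cp-profile"
  server-group "cp-srvgrp"
!
```

With fail-through enabled, every failed login is tried against each server in the group, so keep the group limited to the servers that should actually authenticate captive portal users.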