I have a WLC model 4404 with software version 126.96.36.199.
I have 2 SSIDs: Wireless and Guests
- Wireless: use [WPA + WPA2][Auth(802.1X)]
- Guests: use Web-Auth
In the SSID Guests (WLANs -> Edit >Security AAA Servers I have no any Server enable -all option are NONE and Not enabled-).
I do understand that the query for authentication is attempted ONLY locally at the WLC but not in the ACS (ACS is configured at Security -> RADIUS -> Authentication).
When an user from the Web authentication Page inserts user and password from Wireless SSID (users that need to be authenticated in the Active Directory via ACS) it is authenticated.
I need to change this behaviour.
Depending on what code you are using there are some options.
6.0 and higher, there is an option in the WLAN directly, to select only LOCAL.
5.2 and below, under the Radius Authenticaiton servers, uncheck the Network User box. This check box allows the WLC to use the server(s) globally, meaning if it's not specifically defined under the WLAN, it can/will still be used