WLC and Microsoft Server 2008R2 NPS

Aug 21st, 2011

Hi,

Could someone please give me a brief idea of how to use Microsoft Server 2008R2 NPS with a Cisco WLC 4400?

Am I correct that each LWAPP AP has to be connected to NPS? (This AP is also called an access server.)

When a client tries to connect to the WLAN (in this case, let's say we want a user in AD, after providing their credentials, to be able to access the network, internet, etc.), is the auth request sent from the AP to NPS/RADIUS?

Where does the WLC come into play here? What does the WLC do?

Thanks for the help in advance,

Blues

Surendra BG Sun, 08/21/2011 - 06:35

Hi,

What you are describing holds good for autonomous infrastructure, not for LWAPP-based ones. In a WLC (LWAPP) based setup, the WLC management IP is the AAA client. The RADIUS protocol runs between the WLC and the IAS/ACS, and between the AP and the WLC it is an LWAPP tunnel.

Here are the links which might give some more info on the same!

http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70sol.html#wp1040053

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080665d18.shtml

Please don't forget to rate the useful posts!

Regards

Surendra

b.bettle2000 Sun, 08/28/2011 - 05:35

Thanks Shaqpappi and Surendra, will try it later.

One more question on the same topic: I am using MS NPS Server 2008R2. On the RADIUS clients, shouldn't I just need to add the WLC4402 only? Do I have to add all the Catalyst switches and Aironets as well to implement 802.1X EAP-TLS?

Thank you.

shaqpappi Sun, 08/21/2011 - 23:58

It is assumed you are using 802.1x, correct? If so, then it works like this:

In security/radius/authentication you must configure an IP address to where your clients will get a user certificate (only one example of the many ways you can configure it). There also needs to be a pre-shared key that matches the one entered in the authenticating server. For instance, if it's "password", then both the RADIUS server and the WLC need to have the exact same key.

So basically your WLC will push Wi-Fi clients to the RADIUS server to get authenticated, and once it confirms the user is in all the proper security groups in AD, it tells the controller the user is okay to access the network. Obviously it's more complex, but this is a general overview.

Sent from Cisco Technical Support iPad App
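
The replies above say the WLC is the RADIUS (AAA) client and that its shared key must match the server's exactly. As an added example, not part of any post in this thread and not Cisco or Microsoft code, this sketch shows how a server checks the Message-Authenticator (RFC 3579) on an EAP Access-Request, and why a key that differs by one character fails. The secret, user name and NAS address are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
USER_NAME, NAS_IP_ADDRESS, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 4, 79, 80

def attr(attr_type, value):
    """Encode one RADIUS attribute: type, length (header included), value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(secret, ident, user, nas_ip):
    """Access-Request as the RADIUS client (here the controller) would sign it."""
    # EAP-Response/Identity: code 2, id, length, type 1, identity
    eap = struct.pack("!BBHB", 2, ident, 5 + len(user), 1) + user
    attrs = (attr(USER_NAME, user) + attr(NAS_IP_ADDRESS, nas_ip)
             + attr(EAP_MESSAGE, eap) + attr(MESSAGE_AUTHENTICATOR, bytes(16)))
    packet = (struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
              + os.urandom(16) + attrs)
    # RFC 3579: HMAC-MD5 over the whole packet with the value field zeroed
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac

def verify_request(packet, secret):
    """Server-side check: True only if Message-Authenticator matches our secret."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    pos = 20
    while pos + 2 <= len(packet):
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > len(packet):
            return False                      # malformed attribute
        if a_type == MESSAGE_AUTHENTICATOR:
            if a_len != 18:
                return False
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(packet[pos + 2:pos + 18], expected)
        pos += a_len
    return False                              # EAP requests must carry it

# Constructed sample values (not from the thread)
WLC_SECRET = b"constructed-shared-secret"
REQUEST = build_access_request(WLC_SECRET, 1, b"aduser", bytes([192, 0, 2, 10]))

if __name__ == "__main__":
    print("matching secret:  ", verify_request(REQUEST, WLC_SECRET))
    print("mismatched secret:", verify_request(REQUEST, WLC_SECRET + b" "))
```

The same check rejects a request whose attributes were altered in transit, since the HMAC covers the whole packet.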
