Wireless Authentication LDAP

Answered Question
Jun 8th, 2012

Hello all,

I am trying to gain a better grasp of authenticating users in a wireless environment. I plan to deploy a 5500 series WLC that authenticates users against an LDAP server. I am having trouble understanding how to deploy wireless access to all users in the LDAP directory. I want users to use their standard login credentials to gain access to the wireless network. From my understanding, you must create a certificate for each user and install it on their wireless device prior to them accessing the network for them to use the wireless network. Is there a way that a user can just use their credentials to log on?

Average Rating: 5 (1 ratings)
Correct Answer
Amjad Abdullah Sat, 06/09/2012 - 03:46

Hello Luke,

If you are going to use 802.1x with LDAP, it all depends on your EAP type that you want your clients to use.

Only EAP-TLS needs certificates on both WLC and clients. EAP-FAST needs PACs on the clients. PEAP needs a certificate on the AAA server.

If you are going to use Layer 3 authentication (web authentication) then there is no need to use certificates on clients.

Here is a config example of Local EAP with LDAP on WLC:

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008093f1b9.shtml

Here is a config example of Web-auth with LDAP on WLC:

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a03e09.shtml

HTH

Amjad
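
As an added illustration of the answer above (not code from this thread or from Cisco), the following Python audits a client profile for the material each EAP type needs on the client side. It assumes clients configured with wpa_supplicant-style `network={...}` blocks; flagging a missing `ca_cert` for PEAP and EAP-TLS is an added hardening check, and the sample profile is constructed.

```python
import re

# Client-side material per EAP method, as listed in the answer above.
# Simplification: PEM-style profiles; PKCS#12 bundles are not modelled.
CLIENT_KEYS = {"TLS": ("client_cert", "private_key"), "FAST": ("pac_file",), "PEAP": ()}
VALIDATES_SERVER_CERT = {"TLS", "PEAP"}  # methods where the client sees a server cert

def parse_networks(conf_text):
    """Return one {key: value} dict per network={...} block."""
    networks = []
    for body in re.findall(r"network\s*=\s*\{(.*?)\n\s*\}", conf_text, re.S):
        pairs = (l.strip().split("=", 1) for l in body.splitlines()
                 if "=" in l and not l.strip().startswith("#"))
        networks.append({k.strip(): v.strip().strip('"') for k, v in pairs})
    return networks

def audit(conf_text):
    """Return (ssid, finding) pairs for 802.1X profiles missing material."""
    findings = []
    for net in parse_networks(conf_text):
        if "WPA-EAP" not in net.get("key_mgmt", ""):
            continue  # not an 802.1X profile (e.g. PSK or open)
        ssid = net.get("ssid", "?")
        for method in net.get("eap", "").split():
            for key in CLIENT_KEYS.get(method, ()):
                if key not in net:
                    findings.append((ssid, f"{method}: missing {key}"))
            if method in VALIDATES_SERVER_CERT and "ca_cert" not in net:
                findings.append((ssid, f"{method}: no ca_cert, server certificate unchecked"))
    return findings

# Constructed sample; SSIDs, passwords and paths are placeholders.
SAMPLE = """
network={
    ssid="corp-peap"
    key_mgmt=WPA-EAP
    eap=PEAP
    password="example-only"
}
network={
    ssid="corp-tls"
    key_mgmt=WPA-EAP
    eap=TLS
    ca_cert="/etc/ssl/corp-ca.pem"
    client_cert="/etc/ssl/alice.pem"
}
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The PEAP profile needs no per-user certificate, which is the credentials-only case asked about, but it is flagged because nothing tells the client which server certificate to trust.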

lukedp@au1.ibm.com Sat, 06/09/2012 - 19:17

Thank you Amjad,

I am a little clearer on the topic now.

I will be using EAP-TLS now and use a RADIUS server with NPS autoenroll to send out certificates.


This Discussion

Posted June 8, 2012 at 10:01 PM
Stats:
Replies:3 Avg. Rating:5
Views:684 Votes:0
Shares:0