Wireless Authentication LDAP

Answered Question
Jun 8th, 2012

Hello all,

I am trying to gain a better grasp of authenticating users in a wireless environment. I plan to deploy a 5500 series WLC that authenticates users against an LDAP server. I am having trouble understanding how to deploy wireless access to all users in the LDAP directory. I want users to use their standard login credentials to gain access to the wireless network. From my understanding, you must create a certificate for each user and install it on their wireless device prior to them accessing the network, for them to use the wireless network. Is there a way that a user can just use their credentials to log on?

Correct Answer
Amjad Abdullah Sat, 06/09/2012 - 03:46

Hello Luke,

If you are going to use 802.1x with LDAP, it all depends on the EAP type that you want your clients to use.

Only EAP-TLS needs certificates on both WLC and clients. EAP-FAST needs PACs on the clients. PEAP needs a certificate on the AAA server.

If you are going to use Layer 3 authentication (web authentication) then there is no need to use certificates on clients.

Here is a config example of Local EAP with LDAP on WLC:

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008093f1b9.shtml

Here is a config example of Web-auth with LDAP on WLC:

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a03e09.shtml

HTH

Amjad

lukedp@au1.ibm.com Sat, 06/09/2012 - 19:17

Thank you Amjad,

I am a little clearer on the topic now.

I will be using EAP-TLS now and use a RADIUS server with NPS autoenroll to send out certificates.
