Wireless Authentication LDAP

Answered Question
Jun 8th, 2012

Hello all,

I am trying to gain a better grasp of authenticating users in a wireless environment. I plan to deploy a 5500 series WLC that authenticates users against an LDAP server. I am having trouble understanding how to deploy wireless access to all users in the LDAP directory. I want users to use their standard login credentials to gain access to the wireless network. From my understanding, you must create a certificate for each user and install it on their wireless device prior to them accessing the network for them to use the wireless network. Is there a way that a user can just use their credentials to log on?

Correct Answer
Amjad Abdullah Sat, 06/09/2012 - 03:46

Hello Luke,

If you are going to use 802.1x with LDAP, it all depends on the EAP type that you want your clients to use.

Only EAP-TLS needs certificates on both WLC and clients. EAP-FAST needs PACs on the clients. PEAP needs a certificate on the AAA server.

If you are going to use Layer 3 authentication (web authentication) then there is no need to use certificates on clients.

Here is a config example of Local EAP with LDAP on WLC:

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008093f1b9.shtml

Here is a config example of Web-auth with LDAP on WLC:

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a03e09.shtml

HTH

Amjad

lukedp@au1.ibm.com Sat, 06/09/2012 - 19:17

Thank you Amjad,

I am a little clearer on the topic now.

I will be using EAP-TLS now and use a RADIUS server with NPS autoenroll to send out certificates.

Amjad Abdullah Sat, 06/09/2012 - 23:23

Thanks Luke.

Wish you all the best with your deployment.

Cheers,

Amjad

Posted June 8, 2012 at 10:01 PM