2504 WLC and AD Workstations

Nov 1st, 2013

I have a 2504 controller, and 5 3600 APs.

We have a bunch of wireless workstations, and I would like them to be able to access the wireless without a password, just if the PC is part of the domain.


So, what I'm asking is:

How can I authenticate a domain PC through the wireless APs? Without a password. Basically, if the PC has an account on the domain, it should be allowed to have network access. If the PC is NOT part of the domain, it cannot access the network.

How can I do that? I tried LDAP, but it requires Web Authentication, and that's not what I'm looking for.

Thanks...

Richard Atkin Fri, 11/01/2013 - 05:51

To do it properly you need to enable "Machine only" machine authentication as part of a protocol like PEAP-MSCHAPv2. This means you need a RADIUS Server and some SSL Certificates as well.


The cheap and cheerful way however, is to put a WPA2-AES PSK on your WLAN and pre-configure your machines with the key.

Corneliu Paunescu Fri, 11/01/2013 - 10:39

If I may ask,

How do you enable "Machine Only" authentication? All I see is Web Authentication.


Thanks...

Scott Fella Sun, 11/03/2013 - 07:54

On the WLC WLAN, you need to only use WPA + WPA2 then 802.1x. For setup, you can search around to see how it's configured, depending on what RADIUS server you will use.


http://networklessons.com/wireless/peap-and-eap-tls-on-server-2008-and-cisco-wlc/


Thanks,

Scott

Help out others by using the rating system and marking answered questions as "Answered"
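
Added example, not written by any poster in this thread: assuming the workstations use the native Windows supplicant, "machine only" shows up on the client as `authMode` set to `machine` in the 802.1X (OneX) section of the WLAN profile, so profiles exported with `netsh wlan export profile` can be audited for it. The SSID names, the verdict labels and the `make_profile` helper are hypothetical, and the sample profiles are constructed and omit the EAP details.

```python
import xml.etree.ElementTree as ET

# Namespaces of the Windows WLAN profile and its 802.1X (OneX) section.
NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1",
      "x": "http://www.microsoft.com/networking/OneX/v1"}

def classify_profile(xml_text):
    """Return (ssid, verdict) for one exported WLAN profile."""
    root = ET.fromstring(xml_text.strip())
    ssid = root.findtext("w:name", default="?", namespaces=NS)
    sec = root.find("w:MSM/w:security", NS)
    if sec is None:
        return ssid, "UNKNOWN"
    auth = sec.findtext("w:authEncryption/w:authentication", default="", namespaces=NS)
    onex = sec.findtext("w:authEncryption/w:useOneX", default="false", namespaces=NS)
    mode = sec.findtext("x:OneX/x:authMode", default="", namespaces=NS)
    if auth.endswith("PSK"):
        return ssid, "PSK"                      # shared key: not tied to domain membership
    if auth == "WPA2" and onex.strip().lower() == "true":
        if mode.strip() == "machine":
            return ssid, "MACHINE_ONLY"         # the computer account authenticates
        return ssid, "DOT1X_NOT_MACHINE_ONLY"   # user, machineOrUser, or authMode unset
    return ssid, "OTHER"

def make_profile(ssid, auth, use_onex, auth_mode=None):
    """Build a constructed, minimal profile (EAP details omitted) for the demo."""
    onex = ""
    if auth_mode:
        onex = '<OneX xmlns="%s"><authMode>%s</authMode></OneX>' % (NS["x"], auth_mode)
    return ('<WLANProfile xmlns="%s"><name>%s</name><MSM><security><authEncryption>'
            '<authentication>%s</authentication><encryption>AES</encryption>'
            '<useOneX>%s</useOneX></authEncryption>%s</security></MSM></WLANProfile>'
            % (NS["w"], ssid, auth, use_onex, onex))

# Constructed samples: SSID names are placeholders.
SAMPLES = [
    make_profile("EXAMPLE-CORP", "WPA2", "true", "machine"),
    make_profile("EXAMPLE-MIXED", "WPA2", "true", "machineOrUser"),
    make_profile("EXAMPLE-PSK", "WPA2PSK", "false"),
]

if __name__ == "__main__":
    for xml_text in SAMPLES:
        print("%-14s %s" % classify_profile(xml_text))
```

Only the `MACHINE_ONLY` result matches the 802.1X setup described in the replies; the `PSK` result corresponds to the pre-shared-key shortcut, where any device holding the key can join regardless of domain membership.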