Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

2504 WLC and AD Workstations

I have a 2504 controller, and 5 3600 APs.

We have a bunch of wireless workstations, and I would like them to be able to access the wireless without a password, just if the PC is part of the domain.

So, what Im asking is:

How can I authenticate a domain PC thru the wireless APs? Without a password. Basically, if the PC has an account on the domain, it should be allowed to have network access. If the PC is NOT part of the domain, it cannot access the network.

How can I do that?  I tried LDAP, but it requires Web Authentication, and thats not what Im looking for.



2504 WLC and AD Workstations

To do it properly you need to enable "Machine only" machine authentication a part of a protocol like PEAP-MSCHAPv2.  This means you need a RADIUS Server and some SSL Certificates as well.

The cheap and cheerful way however, is to put a WPA2-AES PSK on your WLAN and pre-configure your machines with the key.

New Member

2504 WLC and AD Workstations

If I may ask,

How do you enable "Machine Only" authentication? All I see is Web Authentication.


Hall of Fame Super Silver

2504 WLC and AD Workstations

On the WLC WLAN, you need to oly use WPA + WPA2 then 802.1x.  For setup, you can search around to see how its configured, depending on what radius server you will use.



Help out other by using the rating system and marking answered questions as "Answered"

*** Please rate helpful posts ***
CreatePlease to create content