I am new to this wireless access; this is my very first project. Our company has decided to implement Cisco wireless. We need to set up this WLC with Active Directory login so internal and mobile users can use it for all internal resources, but when they use wireless to connect to the network they can't browse the internet. Guests are allowed to browse the internet but can't access any internal resource. I got guest working and set up a rule in the ASA 5505 so they are only allowed to access the internet, but I can't get enterprise users to authenticate with AD. This is my setting: I have 3 Dell switches (6248), a firewall (ASA 5505), a WLC (2504), and 5 APs (2602i).
On the switches I have 3 VLANs set up: VLAN 50 untagged for management, VLAN 10 for guest tagged all the way to the firewall and out to the internet, and VLAN 20 tagged for enterprise users, set up in all 3 switches.
I need help.
What exact settings do I need to make for VLAN 50? Do I need to set all server ports in VLAN 50? What mode, trunk/access?
I hope you can find this helpful:
The connection between your WLC and your switch must be trunk mode. Your connection between your switch and your APs must be access and mapped to the admin VLAN.
Thank you for the quick answer. It is trunk between WLC 2504 --> switches and access port between WLC 2504 --> server and workstation. What do you mean by admin VLAN? Do I need to set up an access port from switch --> authentication server for LDAP authentication too?
Does the WLC need to VLAN to the management VLAN to the LDAP server for authentication? I can ping the LDAP server from the WLC console, but I don't see any error or event log. I did set up the LDAP settings in the Security/AAA/LDAP page.
WLC <--> Switch = TRUNK
APs <--> Switch = ACCESS
Admin VLAN = Management VLAN
You have some options for authentication; indeed the WLC can do authentication... so you need to use LDAP?
Thanks again for the quick reply. How do you "WLC can do authentication"? I tried to follow the manual for version 7.5 but it is confusing for me; there is no step-by-step config scenario or config to follow. Can you help me to set it up?
Yes I can, but firstly you need to decide what kind of authentication you need. The easy way is to set up WPA + WPA2; something more complex could be 802.1X with a RADIUS or LDAP.
If I do WPA+WPA2 it will not be a trusted device or user on the network. Remember we do have guests come by more often and we have to give them internet access, so my choice will be 802.1X with RADIUS, but how do I set them up? Will this prompt the user for a network username and password? Will they be able to browse all network resources? How can I test it before I deploy it in production? For testing I brought my Acer tablet with me, but I don't see a prompt for username and password.
Isn't WEP a weak password policy? 802.1X uses WEP policy; it is asking for a password. Where do I set up the password?
OK, if you decided to use 802.1X you need an AAA server.
"Will this prompt the user for a network username and password?"
It depends on what kind of method you will use, but for some of them you need to install a certificate on the server and client, or just on the server.
"Will they be able to browse all network resources?"
What is the purpose of setting up this wireless network? What is the difference between your wired network and the wireless? Are resources already shared?
"How can I test it before I deploy it in production?"
Well, don't worry because it is something new, so we can test it before it goes to the production environment.
I'd rather use LDAP for it. Yes, all resources are shared, but I want to block access for guests and authenticate users with AD, because users have some restrictions to some areas; I want to implement that restriction also.
On the WLC side that's quite easy... more work is with Windows. You have Active Directory; you need a RADIUS server. On Windows that has a name: NPS (Network Policy Server). There is a guide on how to configure it:
On the WLC you need to add this NPS as a RADIUS server and configure it on your WLAN. That's all!
Thank you, I have done all this part, but I don't know what security settings I need to set on the WLC side, and how to test it.
Look at this link:
That's old, but useful!
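As an added example (not from any poster in this thread), here are the AireOS CLI commands that match the advice above: a dynamic interface for the enterprise VLAN 20, the NPS box registered as a RADIUS server, a WLAN set to WPA2/AES with 802.1X key management, and the show/debug commands used to watch one client authenticate. The IP addresses, shared secret, SSID, WLAN ID (2, assuming the working guest WLAN is 1) and client MAC are placeholders; lines starting with ! are comments for the reader, not WLC commands.

```text
! --- constructed values: replace with your own ---
! NPS/RADIUS server 10.0.50.10, shared secret must match the RADIUS client entry in NPS
! DHCP server 10.0.50.11; enterprise VLAN 20, WLC dynamic interface 10.0.20.5/24, gateway 10.0.20.1

! 1. Dynamic interface carrying enterprise clients (VLAN 20, tagged on the WLC's trunk port 1)
config interface create enterprise 20
config interface address dynamic-interface enterprise 10.0.20.5 255.255.255.0 10.0.20.1
config interface vlan enterprise 20
config interface port enterprise 1
config interface dhcp dynamic-interface enterprise primary 10.0.50.11

! 2. NPS as RADIUS authentication server (server index 1, UDP 1812)
config radius auth add 1 10.0.50.10 1812 ascii REPLACE_WITH_SHARED_SECRET
config radius auth enable 1

! 3. WLAN 2: WPA2 + AES with 802.1X, bound to VLAN 20 and RADIUS server index 1
!    (a WLAN must be disabled while its security settings are changed)
config wlan create 2 Enterprise Enterprise
config wlan disable 2
config wlan interface 2 enterprise
config wlan security wpa enable 2
config wlan security wpa wpa2 enable 2
config wlan security wpa wpa2 ciphers aes enable 2
config wlan security wpa akm 802.1x enable 2
config wlan radius_server auth add 2 1
config wlan enable 2
save config

! 4. Checking: confirm the server is listed and enabled, then watch a test client join
show radius summary
show wlan 2
debug client aa:bb:cc:dd:ee:ff
debug aaa events enable
```

If the client never reaches the RADIUS exchange in the debug output, check the shared secret and that the WLC's management address is registered as a RADIUS client in NPS before looking at the WLAN settings.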