Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1093
Views
0
Helpful
5
Replies

Certificate based authentication with Cisco WLC and Juniper IC

mrathi_ablp
Level 1
Level 1

‎04-24-2014 07:05 AM - edited ‎07-05-2021 12:44 AM

Hi

I have a cisco WLC 4400 and Juniper IC which works as the external Radius server.

I want the wireless clients to be authenticated using certificates. I know the Juniper IC can understand certificates.

My question is can cisco WLC understand that the information being presented to it by the client is not username/pwd but a user certificate.

 

i have also looked at this article :

http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/100590-ldap-eapfast-config.html

What i don't understand here is the need of WLC authenticating the user with his credentials by LDAP when it has authenticated the user cert.

 

All your help is appreciated.

Labels:
0 Helpful
5 Replies 5

Christos Stefaneskou
Level 1
Level 1

‎04-24-2014 09:14 AM

Hi,

Since you use an external radius server you don't have to worry for this.

The only config that you need to do on WLC is to define the radius server under Security-AAA-Radius-Authentication and on your WLAN-Security-AAA.

The doc you refer is only for Local Radius on WLC.

 

Hope this helps

Regards,

Christos

0 Helpful

mrathi_ablp
Level 1
Level 1
In response to Christos Stefaneskou

‎04-24-2014 12:25 PM

ok.

So we can define a SSID in the WLC with WPA-2 enterprise as security.

Also what certificates need to be uploaded to WLC?

Can you point me to a document with my kind of use case scenario.

Your help would be appreciated.

0 Helpful

Christos Stefaneskou
Level 1
Level 1

‎04-24-2014 01:15 PM

No certs are needed for the WLC. You have only to create a wpa2 ssid and define the radius server. The rest config will be on your radius server. Just search how eap-tls is deployed on juniper aaa.
0 Helpful

mrathi_ablp
Level 1
Level 1
In response to Christos Stefaneskou

‎04-24-2014 01:24 PM

I did the same thing initially.

I have a user cert on my machine and root cert on the Juniper IC.

When i tried connecting to the SSDI, I get a Error saying " the cert required to join this SSID is not available on the machine"

Hence, i was wondering if any certs are required on the WLC.

0 Helpful

Christos Stefaneskou
Level 1
Level 1
In response to mrathi_ablp

‎04-24-2014 01:32 PM

You should have a user cert and a root    CA cert on client's pc and AAA server.

Search how EAP-TLS works on juniper server.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card