New Member

Certificate based authentication with Cisco WLC and Juniper IC

Hi

I have a Cisco WLC 4400 and a Juniper IC, which works as the external RADIUS server.

I want the wireless clients to be authenticated using certificates. I know the Juniper IC can understand certificates.

My question is: can the Cisco WLC understand that the information being presented to it by the client is not a username/password but a user certificate?

I have also looked at this article:

http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/100590-ldap-eapfast-config.html

What I don't understand here is the need for the WLC to authenticate the user with his credentials by LDAP when it has authenticated the user cert.

 

All your help is appreciated.

5 REPLIES

Hi,Since you use an external

Hi,

Since you use an external RADIUS server, you don't have to worry about this.

The only config that you need to do on the WLC is to define the RADIUS server under Security-AAA-Radius-Authentication and on your WLAN-Security-AAA.

The doc you refer to is only for Local RADIUS on the WLC.

 

Hope this helps

Regards,

Christos

New Member

ok.So we can define a SSID in

ok.

So we can define an SSID in the WLC with WPA-2 enterprise as security.

Also, what certificates need to be uploaded to the WLC?

Can you point me to a document with my kind of use case scenario?

Your help would be appreciated.

No certs are needed for the

No certs are needed for the WLC. You only have to create a WPA2 SSID and define the RADIUS server. The rest of the config will be on your RADIUS server. Just search how EAP-TLS is deployed on Juniper AAA.
New Member

I did the same thing

I did the same thing initially.

I have a user cert on my machine and a root cert on the Juniper IC.

When I tried connecting to the SSID, I got an error saying "the cert required to join this SSID is not available on the machine".

Hence, I was wondering if any certs are required on the WLC.

You should have a user cert

You should have a user cert and a root CA cert on the client's PC and the AAA server.

Search how EAP-TLS works on the Juniper server.
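
One way to check the certificate pair the last reply describes, a user cert that chains to the root CA trusted by the AAA server and is acceptable for TLS client authentication, as an added example that is not part of the original thread. It assumes the `openssl` CLI is installed; the file names and the throwaway lab PKI are constructed for illustration.

```shell
#!/bin/sh
# Added example. File names and the lab PKI below are constructed for illustration.

# check_eaptls_pair ROOT_CA_PEM USER_CERT_PEM
# Succeeds only if the user cert chains to the root CA and is acceptable
# for TLS client authentication (what an EAP-TLS server validates).
check_eaptls_pair() {
    openssl verify -CAfile "$1" -purpose sslclient "$2" 2>/dev/null | grep -q ': OK$'
}

# make_lab_pki DIR: builds a throwaway root CA, a second unrelated root,
# a client-auth user cert and a server-auth-only cert, all in DIR.
make_lab_pki() {
    d=$1
    cat > "$d/lab.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Lab Root CA
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[client_ext]
extendedKeyUsage = clientAuth
[server_ext]
extendedKeyUsage = serverAuth
EOF
    for ca in root other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/lab.cnf" \
            -extensions ca_ext -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null || return 1
    done
    for kind in client server; do
        openssl req -new -newkey rsa:2048 -nodes -config "$d/lab.cnf" -subj "/CN=$kind" \
            -keyout "$d/$kind.key" -out "$d/$kind.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$d/$kind.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
            -CAcreateserial -days 2 -extfile "$d/lab.cnf" -extensions "${kind}_ext" \
            -out "$d/$kind.pem" 2>/dev/null || return 1
    done
}

# Usage: sh check.sh root-ca.pem user-cert.pem
if [ "$#" -eq 2 ]; then
    check_eaptls_pair "$1" "$2" && echo "usable for EAP-TLS" || echo "rejected"
fi
```

Run it against the root CA exported from the AAA server and the user cert exported (without its private key) from the client; a rejection points at a chain or key-usage mismatch rather than at the WLC.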
