Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Wireless AD Authentication Setup

I work for a school system and we are currently entertaining the idea of BYOD. We have a Cisco 4404 controller and what I would like to do in order to prepare for BYOD is to create a wireless network that can be connected to with AD credentials. So basically, on any device, when users try and connect to this specific WLAN they will be prompted to put in their AD username and password to get access, that’s it, no other passwords. I will be using the Network Policy Server role in Server 2008 R2 as my radius server. Was looking for some help on how to actually set up the policy within NPS for this type of authentication. Also, on the controller side, am I basically just setting up the WLAN and then setting up the authentication server on the AAA Servers tab for security? Leave Layer 2 and Layer 3 tabs blank if I only want to use AD credentials?


Hall of Fame Super Silver

Re: Wireless AD Authentication Setup

Your best best is to use webauth in which the user will be forced to enter their AD credentials on the portal page. All you really need in you NPS policy is to change the service type to login. I wouldn't do any type of 802.1x unless you want to support those devices.


Scott Fella

Sent from my iPhone

*** Please rate helpful posts ***

Wireless AD Authentication Setup

Thanks for the quick reply Scott. 

So in security > Layer 3 tab just select web auth and leave type as Authentication?  Then as long as I have a AAA server defined the auth will look to that server to authenticate the user's AD credentials?

The devices we are looking to allow would be tablets, laptops, iphones, android phones.  Will this setup work for all of these types of devices?

Thanks again for your help.

Hall of Fame Super Silver

Wireless AD Authentication Setup

Correct.... but in you NPS policy, you need to make sure the service type is login.

*** Please rate helpful posts ***
CreatePlease login to create content