Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Wireless Authentication LDAP

Hello all,

I am trying to gain a better grasp of authenticating users in a wireless environment.  I plan to deploy a 5500 series WLC that authenticates users against a LDAP server. I am having trouble understanding how to deploy wireless access to all users in the LDAP directory. I want users to user there standard login credentials to gain access to the wireless network. from my understanding you must create a certificate for each user and install it on there wireless device prior to them accessing the network for them to use the wireless network. is there away that a user can just use their credentials to log on?

  • Getting Started with Wireless
1 ACCEPTED SOLUTION

Accepted Solutions

Wireless Authentication LDAP

Hello Luke,

If you are going to use 802.1x with LDAP, It all depends on your EAP type that you want your clients to use.

Only EAP-TLS needs certificates on both WLC and clients. EAP-FAST needs PACS on the clients. PEAP needs a certificate on the AAA server.

If you are going to use Layer 3 authentication (web authentication) then there is no need to use certificates on clients.

Here is a config example of Local EAP with LDAP on WLC:

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008093f1b9.shtml

Here is a config example of Web-auth with LDAP on WLC:

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a03e09.shtml

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"
3 REPLIES

Wireless Authentication LDAP

Hello Luke,

If you are going to use 802.1x with LDAP, It all depends on your EAP type that you want your clients to use.

Only EAP-TLS needs certificates on both WLC and clients. EAP-FAST needs PACS on the clients. PEAP needs a certificate on the AAA server.

If you are going to use Layer 3 authentication (web authentication) then there is no need to use certificates on clients.

Here is a config example of Local EAP with LDAP on WLC:

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008093f1b9.shtml

Here is a config example of Web-auth with LDAP on WLC:

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a03e09.shtml

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"
New Member

Wireless Authentication LDAP

Thankyou Amjad,

i am a little clearer on the topic know.

I will be using eap-tls know and use a radius server with NPS autoenroll to send out certifcates.

Wireless Authentication LDAP

Thanks Luke.

Wish you all the best with your deployment

Cheers,

Amjad

Rating useful replies is more useful than saying "Thank you"
839
Views
0
Helpful
3
Replies
This widget could not be displayed.