Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Display Username instead of Roaming Identity in WCS

Hi Cisco Support Community,

I need your kind assistance in assisting us on this issue. As for this case, we need to find out how to configure the display client name using Username instead of Roaming Identity.

We brought 2 units of AIR-WLC-4402-50-K9 from Cisco and hope someone from Cisco could assist on my question.

Is it possible to display client name using Username instead of Roaming Identity?

Is there any configuration need to be done in WLC in order for the Username to be displayed in WCS?

Please refer to the screen shot.

Please help. Thank You.

Junhan

Everyone's tags (1)
1 REPLY
Cisco Employee

Re: Display Username instead of Roaming Identity in WCS

Hi,

This is a security design question. Methods using TLS tunnel like EAP-TTLS, EAP-PEAP,EAP-TLs, etc ... build a tunnel and then authenticate inside.

The WLC only reads information about the outer tunnel. usually the username there is "anonymous" or some other random username (=roaming identity). This username is not authenticated, it's just used to build a tunnel.

WLC cannot read what is inside the tunnel because it forwards it to ACS (or radius server). Only ACS knows the real username of the user.

So WLC/WCS cannot figure out the username unless you put an outer identity equal to the real username of the client

Hope this clarifies

===

Dont' forget to rate useful posts

761
Views
0
Helpful
1
Replies
CreatePlease login to create content