Is local EAP + Web Authentication possible in Auto Anchor Configuration

CB90021204 · ‎08-26-2014

Hi,

I have a wireless network setup in an auto-anchor configuration with the foreign and anchor controllers. Due to the foreign controller being owned and managed by another company, I have an interesting authentication scenerio I would like to acheive. We can't implement full EAP-TLS as we would have to allow authentications from the foreign controller which is owned and managed by another company.

Currently Web Authentication is working correctly for the Wireless Network. As another layer of security, I want to know if its possible for the wireless clients to trust a certificate installed on the foreign controller? If so, are you able to point me in the direction of a user guide to implement.

I found the following document which describes local EAP configuration . Would this work with Web Authentication?

Thanks

Stephen Rodriguez · ‎08-27-2014

so, kinda but no. EAP is a layer 2 authentication that uses encryption as well.

WebAuth is a layer3 authentication only.

Now the kinda....you can create guest/network users on the WLC local database, and if someone logins to the webauth portal with those credentials they will be able to get on.

I'm not really sure what you are looking to do based on your post.

Personally, if I had users that were going to roam to this controller, I'd work with that companies IT and get it linked to my AAA server and keep the EAP-TLS that I had working already going. Just because that WLC would be able to communicate to your AAA doesn't mean their users would be able to get on, as they wouldn't have the machine or client certificate nor the Root CA cert on their machines.

HTH,
Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered