Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Is local EAP + Web Authentication possible in Auto Anchor Configuration



I have a wireless network setup in an auto-anchor configuration with the foreign and anchor controllers. Due to the foreign controller being owned and managed by another company, I have an interesting authentication scenerio I would like to acheive. We can't implement full EAP-TLS as we would have to allow authentications from the foreign controller which is owned and managed by another company.


Currently Web Authentication is working correctly for the Wireless Network. As another layer of security, I want to know if its possible for the wireless clients to trust a certificate installed on the foreign controller?  If so, are you able to point me in the direction of a user guide to implement.


I found the following document which describes local EAP configuration . Would this work with Web Authentication?





Everyone's tags (4)

so, kinda but no.  EAP is a

so, kinda but no.  EAP is a layer 2 authentication that uses encryption as well.


WebAuth is a layer3 authentication only.


Now the can create guest/network users on the WLC local database, and if someone logins to the webauth portal with those credentials they will be able to get on.


I'm not really sure what you are looking to do based on your post.


Personally, if I had users that were going to roam to this controller, I'd work with that companies IT and get it linked to my AAA server and keep the EAP-TLS that I had working already going. Just because that WLC would be able to communicate to your AAA doesn't mean their users would be able to get on, as they wouldn't have the machine or client certificate nor the Root CA cert on their machines.



HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered