I have an issue where we are using 1130 autonomous APs throughout the office (all on the same subnet) with 802.1x EAP-TLS employed and users are authenticating to IAS (Radius with back end AD). There is an application that is on wireless tablets and users are dropped when they roam from AP to AP. So we needed to configure the APs for secure roaming.
I configured WDS on one of the 1130 APs with authentication to the IAS server. As you might have guessed, the authentication failed because WDS is using LEAP and the IAS server does not recognize LEAP.
I then tried to create a local radius server on the WDS configured AP but it is interfering with AD users being able to authenticate to the IAS. Also, the other APs were not properly registering with the WDS (kept stating AUTH-IN-PROG).
Is there a way for me to configure the WDS to authenticate to the IAS server with EAP instead of LEAP?
If not, is there a way to configure the WDS to send AD users to the IAS server, but send the WDS authentication account to the local Radius server? I do not see an area where you can specify that the WDS account use the local Radius server and everyone else use the IAS server.
Re: WDS Issues with IAS and Local Radius on a 1130 AP
Check the options for EAP and LEAP in the WDS page. Initially make sure that all clients connecting to an access point authenticate either to the WDS Local Radius or to the IAS server. Then on each AP go to SSID Manager; under server priorities go to EAP authentication and choose only priority 1, either the IP address of the IAS or the IP address of the Local Radius server.