Cisco Support Community
Community Member

Cisco WLC 2500 Active directory integration

Hello to all!!

I recently bought a Cisco WLC 2500. I want to configure a WLAN with Active Directory authentication.

How can I do this?

Is there any guide or configuration example?

Thanks!

4 REPLIES
Hall of Fame Super Silver

Re: Cisco WLC 2500 Active directory integration

Try to use a radius server. Search for wlc peap ias or nps

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080921f67.shtml

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Re: Cisco WLC 2500 Active directory integration

You can use LDAP to connect to the AD for authentication. This needs you to utilize local EAP.

Here is a config example: http://tiny.cc/ctulcw

The above link

The problem with LDAP integration with AD is that you are only restricted to some EAP types.
The supported types are EAP-FAST, EAP-TLS and LEAP.

Quoting from the above link:

Local EAP supports LEAP, EAP-FAST, EAP-TLS, PEAPv0/MSCHAPv2, and PEAPv1/GTC authentication between the controller and wireless clients.

The LDAP backend database supports these Local EAP methods:

EAP-FAST/GTC

EAP-TLS

PEAPv1/GTC.

LEAP, EAP-FAST/MSCHAPv2, and PEAPv0/MSCHAPv2 are also supported, but only if the LDAP server is set up to return a clear-text password. For example, Microsoft Active Directory is not supported because it does not return a clear-text password. If the LDAP server cannot be configured to return a clear-text password, LEAP, EAP-FAST/MSCHAPv2, and PEAPv0/MSCHAPv2 are not supported.

The only common supported EAP types shared between local EAP and LDAP (as its backend server) are EAP-TLS, PEAPv1/GTC and EAP-FAST. So if you are going to use this option you probably need to use one of those types.

You can also use a radius server and integrate the radius server with AD. This is a much better option where you can use whatever EAP type is supported by the radius server. If you can take the radius server option then I don't recommend going to the local EAP option with LDAP. The RADIUS server option is much better. Use only the local EAP if you have a small environment or you can't in any way utilize a radius server.

Hope this helps.

Amjad

Rating useful replies is more useful than saying "Thank you"
Community Member

Cisco WLC 2500 Active directory integration

I have the same problem. I wondered if you had fixed yours. We are using Active Directory on 2008 R2 for our Domain Controller. Everything I have seen so far is Server 2003. We have 2 networks, one a guest that we do the local user configuration and generate passwords as needed. The other I would like to tie to AD so my internal users can authenticate. I did a TAC case on it but they say it is my Windows config that is wrong. (Still not resolved.) I got the AD Guru on it and they can't seem to see anything wrong either. I know it is probably as simple as a radio button click. Any help would be appreciated.

Thanks,

Mike Seden

Hall of Fame Super Silver

Re: Cisco WLC 2500 Active directory integration

Are you using radius or not? It's easier to accomplish this if you just bring up a Microsoft radius server, either IAS (2003) or NPS if you're on 2008.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***