Cisco Support Community

New Member

User authentication using Active Directory


A client asked me the following:

"I have a problem, I need to authenticate employees to our wireless network using their domain user and password, but they all have portable computers that don't belong to my domain".

I have one SSID using PEAP to authenticate a different level of users (they all have their laptops registered to the domain), I'm using ACS 3.3.3 to authenticate them.

Now I need to find a way to use the second SSID to give wireless access to all the other users (the ones who don't have their computer inside the domain, but have a valid user and password of the domain).

If someone has an idea, please let me know.


Re: User authentication using Active Directory

If I have understood your problem correctly, there is one called Guest SSID which can be used for users who don't belong to your domain.


Re: User authentication using Active Directory

You could define a different group in ACS for the guests, and authenticate them against the "local database" using a common or on-demand ID & password.

You could implement a "Captive Portal": users get a GUI sign-on that will set up their access depending on their login (also permits some filtering and a "Terms of Use" acknowledgement).

Cisco has BBSM ($$), there are also some open source Captive Portals, most are Linux based (like "nocat"). Google on "Captive Portals" and pick one that suits your need.

You might be able to set up a VPN for the non-AD personnel (using Microsoft PPTP/L2TP VPN). It's something most folks are likely to have (Macs and *nix would work but require a little more setup) and would prevent/reduce/discourage drive-by bandwidth thieves.

Good Luck


Cisco Employee

Re: User authentication using Active Directory


Even if the machines do not belong to the domain but can connect to the SSID, ACS can authenticate the users to Active Directory. AD will be configured as an external database.

This does not require the machine to be a part of the domain.
