Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Using WLC Local Authentication

I have created an SSID that I am planning to use WPA2-AES on.  This SSID will be for specific people who have company approved mobile devices (IPAD,  IPHONE, etc..).  The best way I can think to control that is to assign these users usernames created on the WLC.  First I believe I know where to create them (AAA/LOCAL NET USERS) but I need a little help past that. 1) Would I setup local authentication on the WLAN?  2)  Can I use WPA2 if I'm planning on doing this?  3)  If this is possible is there a good document showing how to do it?

  • Security and Network Management
2 REPLIES
Cisco Employee

Re: Using WLC Local Authentication

Hi,

There are multiple ways to get this up and running..


#1>> Using Local Net users

=======================

Here is the steps.

Configure the WLAN and map this with Corresponding Dynamic interface..

Controller >> WLAN >> New (Fill up the details)>> WLAN Edit page >> APPLY.

Configure local net users..

Security >> Local net users >> New >> Enter the Username and password >> Map this with the WLAN >> Apply.

U will done!!

#2>> Using MAC filtering

=====================

Here is the steps.

Configure the WLAN and map this with Corresponding Dynamic interface..

Controller >> WLAN >> New (Fill up the details)>> WLAN Edit page >> APPLY.

Configure the MAC filter

Security >> MAc filtertering >> New >> Provide the MAC address >> MAp it to WLAN >> Map it to Dynamic interface >> Apply.

U wil be done!!

Let me know how this works out for you!!

Regards

Surendra

Cisco Employee

Re: Using WLC Local Authentication

You need to use Local EAP on the WLC and the user DB will be locally specified on the store you mentioned, the local DB.

Here is what you are looking for

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008093f1b9.shtml

Ignore the certificate part and the ldap part, just go for

wpa2 . aes . key-management 802.1x . choose the local eap profile on the ssid . point the wlc to itself (management int ip address) as a radius server on the ssid. you should be done.


Good luck!

525
Views
0
Helpful
2
Replies
This widget could not be displayed.