Cisco Support Community

Wireless NAC SSO

We currently have mobile devices, such as iPhones & iPads, that don't yet support Cisco's NAC agent.

So when users get on the wifi, they have to log in twice - once for the wireless 802.1x, and once for the NAC.

We found a Cisco doc that describes how to perform SSO, so that users would only need to log in once. (our users are spoiled, but that's not what this thread is about)

http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/secwlandg20/ch5_2_SPMb.html#wp1300776

Essentially we'd configure the WLCs to send RADIUS accounting info to the NAC appliance, so that it knows the user had already been authenticated, and therefore, doesn't prompt him/her to log in again.

We have centralized wireless & ACS solutions, but local NAC appliances at each remote location.

While it sounds good in theory, we think this solution has some serious scalability issues.

We have 150 APs per WiSM logical unit (300 total per WiSM blade); that number will be a lot higher when we migrate to WiSM2.

I just don't see how the NAC appliance will be able to handle all these RADIUS accounting messages when we have hundreds of APs & thousands of wireless users getting on the network.

Has anyone done something similar?

Could you please share how you made your solution scalable?

thanks,

Kevin
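
The RADIUS accounting hand-off described in the post above, sketched as an added example (not part of the original post and not Cisco's code): a receiver checks the RFC 2866 Request Authenticator before it trusts an Accounting-Request Start record as proof of an existing login. The function names, the shared secret, the sample values and the choice of User-Name, Framed-IP-Address and Calling-Station-Id as the fields of interest are assumptions.

```python
import hashlib, hmac, socket, struct

ACCT_REQUEST, STATUS_START = 4, 1  # RFC 2866 packet code and Acct-Status-Type value
USER_NAME, FRAMED_IP, CALLING_STATION, ACCT_STATUS = 1, 8, 31, 40  # attribute types

def _authenticator(header, attrs, secret):
    # RFC 2866: MD5(Code + ID + Length + 16 zero octets + attributes + secret)
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()

def build_acct_start(ident, user, ip, mac, secret):
    """Constructed sample of the Accounting-Request (Start) a controller would send."""
    fields = ((ACCT_STATUS, struct.pack("!I", STATUS_START)), (USER_NAME, user.encode()),
              (FRAMED_IP, socket.inet_aton(ip)), (CALLING_STATION, mac.encode()))
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in fields)
    header = struct.pack("!BBH", ACCT_REQUEST, ident, 20 + len(attrs))
    return header + _authenticator(header, attrs, secret) + attrs

def parse_acct_start(pkt, secret):
    """Return (user, ip, mac) for an authentic Start record, else None."""
    if len(pkt) < 20:
        return None
    code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if code != ACCT_REQUEST or not 20 <= length <= len(pkt):
        return None
    attrs = pkt[20:length]
    # Reject records not signed with the shared secret before trusting any field.
    if not hmac.compare_digest(pkt[4:20], _authenticator(pkt[:4], attrs, secret)):
        return None
    found, i = {}, 0
    while i < len(attrs):
        if len(attrs) - i < 2 or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            return None  # malformed type-length-value entry
        found[attrs[i]] = attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
    if found.get(ACCT_STATUS) != struct.pack("!I", STATUS_START):
        return None  # only a Start record signals a fresh authenticated session
    if USER_NAME not in found or len(found.get(FRAMED_IP, b"")) != 4:
        return None  # a session cannot be mapped without a user and an IPv4 address
    return (found[USER_NAME].decode(errors="replace"),
            socket.inet_ntoa(found[FRAMED_IP]),
            found.get(CALLING_STATION, b"").decode(errors="replace"))

if __name__ == "__main__":
    secret = b"constructed-secret"  # constructed value, not from the post
    pkt = build_acct_start(7, "kevin", "10.1.2.3", "00-11-22-33-44-55", secret)
    print(parse_acct_start(pkt, secret))
```

The authenticator check is a single MD5 over the packet plus secret, so per-record validation cost is small; each record is also only as trustworthy as the shared secret between controller and receiver.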
