This document covers configuring the Microsoft IAS for guest access. It does not cover configuring the Wireless LAN Controller.
The controller sends an access request with an authentication type of PAP. We expect to receive back an access-accept as well as a service type indicating the level of access.
1. Create a new policy, using custom policy. Do not use the wizard and select wireless, as this will try to enable an EAP type:
2. Modify the Policy conditions to authentication = PAP, and Windows-Group Matches = the OU for the guest users:
NOTE: this assumes you have PAP configured on the controller under Controller->General->Web Radius Authentication. It may be changed to other methods.
3. Select Grant remote access permission as shown in previous picture
4. Under the Authentication tab, remove all methods except for Unencrypted:
5. Under the encryption tab, uncheck all boxes except for No encryption:
6. Finally under the advanced tab, set the Service-Type to be Login:
This is a REALLY well written doc.
Thanks for you work!