Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

Configure Microsoft IAS for Guest Users

Introduction:

This document covers configuring the Microsoft IAS for guest access. It does not cover configuring the Wireless LAN Controller.

Background:

The controller sends an access request with an authentication type of PAP. We expect to receive back an access-accept as well as a service type indicating the level of access.

Configuration:

1. Create a new policy, using custom policy. Do not use the wizard and select wireless, as this will try to enable an EAP type:

Step1.jpg

2. Modify the Policy conditions to authentication = PAP, and Windows-Group Matches = the OU for the guest users:

IAS2.jpg

NOTE: this assumes you have PAP configured on the controller under Controller->General->Web Radius Authentication. It may be changed to other methods.

3. Select Grant remote access permission as shown in previous picture

4. Under the Authentication tab, remove all methods except for Unencrypted:

IAS4.jpg

5. Under the encryption tab, uncheck all boxes except for No encryption:

IAS5.jpg

6. Finally under the advanced tab, set the Service-Type to be Login:

IAS6.jpg

Comments
New Member

This is a REALLY well written doc.

Thanks for you work!

e

2146
Views
5
Helpful
1
Comments