topic Hi Amitesh, The WLC is the in Wireless

Client Authentication Problem

amitesh.pandey1 — Mon, 05 Jul 2021 10:42:44 GMT

Hi All,

Can anyone tell me if i can change the method of authentication to PEAP from EAP on then WLC for a particular SSID. as my end client is having PEAP authentication but my radius is rejecting the Authentication stating that it is not matching with PEAP.

I am not finding the way where i can change the authentication type on WLC to EAP

Thanks in advance !

Hi Amitesh, The WLC is the

Ric Beeching — Mon, 10 Aug 2015 09:43:49 GMT

Hi Amitesh,

The WLC is the authenticator and therefore does not see what type of EAP authentication is used. That is determined by your client and the RADIUS server during what is known as an EAP-Type Request. On the WLC, you need to set the L2 Auth as 802.1x and this is enough to establish the initial communication between the supplicant (wireless client) and the RADIUS server.

If your server is configured for PEAP and your client is too then it should work.

Note: PEAP auth can come in two flavours but by far the most common is PEAP with MSCHAPv2. This requires a certificate to be setup on your RADIUS/NPS server to be used for securing communications. See the following links for help with this:

https://supportforums.cisco.com/sites/default/files/legacy/5/5/8/89855-Deploy%20a%20CA%20and%20NPS%20Certificate%20Server.docx

https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_with_WPA2-Enterprise#Example_RADIUS_Configuration_(Windows_NPS_.2B_AD)

Please check the following

Prakash Parvathala — Wed, 19 Aug 2015 15:11:08 GMT

Please check the following links

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/69730-eap-auth-wlc.html

http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/100590-ldap-eapfast-config.html

http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/99791-eapfast-wlc-rad-config.html