Help with WLC 2500

philip.gathercole — Sun, 04 Jul 2021 05:26:35 GMT

I am looking for a decent guide on how to configure the following to all work together

Cisco wireless lan controller 2500 - (which is already configured and working with the LAP's), I just need to get authentication working for our coporate lan.

It needs to use 802.1x wireless authentication with with a windows 2008 R2 NPS server that links into active directory. We also have a CA installed on our network.

I need to use EAP-TLS which I believe uses both client and server side certificates and is more tricky than PEAP.

I also need the windows 7 client settings for EAP-TLS to work with NPS and the controller/AP

Getting everything to work together if proving rather difficult.

There must be an upto guide out there, all the ones I have read include some cisco client side software which we wont be using and normally a older IAS server not NPS.

This is the config of my WLAN, should this work for EAP-TLS?

WLAN Identifier.................................. 1

Profile Name.....................................

Network Name (SSID)..............................

Status........................................... Enabled

MAC Filtering.................................... Disabled

Broadcast SSID................................... Enabled

AAA Policy Override.............................. Disabled

Network Admission Control

Radius-NAC State............................... Disabled

SNMP-NAC State................................. Disabled

Quarantine VLAN................................ 0

Maximum number of Associated Clients............. 0

Number of Active Clients......................... 0

Exclusionlist Timeout............................ 10 seconds

Session Timeout.................................. 1800 seconds

CHD per WLAN..................................... Enabled

Webauth DHCP exclusion........................... Disabled

Interface........................................ vlan xx

Multicast Interface.............................. Not Configured

WLAN ACL......................................... unconfigured

DHCP Server...................................... Default

DHCP Address Assignment Required................. Disabled

Static IP client tunneling....................... Disabled

Quality of Service............................... Silver (best effort)

Scan Defer Priority.............................. 4,5,6

Scan Defer Time.................................. 100 milliseconds

WMM.............................................. Allowed

WMM UAPSD Compliant Client Support............... Disabled

Media Stream Multicast-direct.................... Disabled

CCX - AironetIe Support.......................... Enabled

CCX - Gratuitous ProbeResponse (GPR)............. Disabled

CCX - Diagnostics Channel Capability............. Disabled

Dot11-Phone Mode (7920).......................... Disabled

Wired Protocol................................... None

IPv6 Support..................................... Disabled

Passive Client Feature........................... Disabled

Peer-to-Peer Blocking Action..................... Disabled

Radio Policy..................................... All

DTIM period for 802.11a radio.................... 1

DTIM period for 802.11b radio.................... 1

Radius Servers

Authentication................................ x.x.x.x 1812

Accounting.................................... x.x.x.x 1813

Dynamic Interface............................. Enabled

Local EAP Authentication......................... Disabled

Security

802.11 Authentication:........................ Open System

Static WEP Keys............................... Disabled

802.1X........................................ Disabled

Wi-Fi Protected Access (WPA/WPA2)............. Enabled

WPA (SSN IE)............................... Enabled

TKIP Cipher............................. Disabled

AES Cipher.............................. Enabled

WPA2 (RSN IE).............................. Enabled

TKIP Cipher............................. Disabled

AES Cipher.............................. Enabled

Auth Key Management

802.1x.................................. Enabled

PSK..................................... Disabled

CCKM.................................... Disabled

FT(802.11r)............................. Disabled

FT-PSK(802.11r)......................... Disabled

FT Reassociation Timeout......................... 20

FT Over-The-Air mode............................. Enabled

FT Over-The-Ds mode.............................. Enabled

CCKM tsf Tolerance............................... 1000

CKIP ......................................... Disabled

Web Based Authentication...................... Disabled

Web-Passthrough............................... Disabled

Conditional Web Redirect...................... Disabled

Splash-Page Web Redirect...................... Disabled

Auto Anchor................................... Disabled

H-REAP Local Switching........................ Disabled

H-REAP Local Authentication................... Disabled

H-REAP Learn IP Address....................... Enabled

Client MFP.................................... Optional

Tkip MIC Countermeasure Hold-down Timer....... 60

Call Snooping.................................... Disabled

Roamed Call Re-Anchor Policy..................... Disabled

SIP CAC Fail Send-486-Busy Policy................ Enabled

SIP CAC Fail Send Dis-Association Policy......... Disabled

Band Select...................................... Disabled

Load Balancing................................... Disabled

Re: Help with WLC 2500

Scott Fella — Mon, 23 Jul 2012 20:15:37 GMT

I don't think you will find any one guide on this... This can help you get started, but its for PEAP, which is just requires minor changes on the NPS and the cleint side configuration. IAS and NPS are very similar in the configuration also.

http://pcloadletter.co.uk/2011/07/11/cisco-wifi-active-directory-auth/.

http://araihan.wordpress.com/2010/04/30/complete-guide-to-build-a-cisco-wireless-infrastructure-using-cisco-wlc-5500-cisco-1142-ap-and-microsoft-radius-server/

topic Re: Help with WLC 2500 in Wireless

Help with WLC 2500

Re: Help with WLC 2500