cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
configure & troubleshoot anyconnect
1213
Views
0
Helpful
4
Replies
Beginner

WAP4410N based WiFi network authentication

Hi,

We have 10 WAP4410N accesspoints and we want to do authentication on a Windows Active Directory server. Could somebody explain me how to do this or point me to some documentation by which we can do this? Only users in the Windows AD need to get access to network after entering their user id and password. Either Windows or Linux based solutions will do.

Regards,

Biju Abraham.

Everyone's tags (2)
4 REPLIES 4
Cisco Employee

Re: WAP4410N based WiFi network authentication

Hi,

To be honest with you, i am not a wireless person. i searched and i found this link for you.

http://www.cisco.com/en/US/docs/wireless/access_point/1300/12.2_15_JA/configuration/guide/o13auth.html#wp1034700

Hope this helps.

Regards,
Anisha

P.S.: Please mark this post as resolved if you feel your query is answered.

Beginner

Re: WAP4410N based WiFi network authentication

Hi Biju,

You can use Cisco's ACS 5.x as either a hardened Linux appliance or a VMWare image.  It has good AD integration and the process for ACS 5.x authenticating to an AD backend takes only a few minutes.  There are just a few steps and it goes like this:

1) In the "Network Resources" pane:

-Define your wireless controllers or autonomous APs, check the RADIUS box, and set the secret that is shared with your wireless APs.

2) In the "Users and Identity Stores" pane:

-Define your AD domain and credentials to access your AD tree.

3) In the "Access Policies" pane:

-Define an access policy (selecting the MS-CHAPv2 and probably PEAP protocals) for your wireless authentication, say Cisco-Wireless.

-Define a "Service Selection Rule" and from the "Results -> Service" dropdown select Cisco-Wireless access service you already made.

Now you have an access policy named Cisco-Wireless with two categories: Identity & Authorization.

-Identity - Leave at default of "Single result selection" since all AD users are allowed access.

-Authorization - You don't need any rules since you aren't discriminating among AD users (if they can authenticate to AD they are fully authorized for network access).  Just set the default rule at the bottom to "permit access."

4) Install SSL certs:

In the "Users and Identity Stores" pane:

-Add a root CA or intermediate cert to "Certificate Authorities."  (For example a Verisign intermediate cert)

In the "System Administration" pane:

-Add an EAP certificate in the "Local Certificates" section and add your CA signed cert.

For particulars of getting a CA signed cert for ACS 5.x, refer to this: https://supportforums.cisco.com/message/3065177#3065177

That's it.  Enjoy.
Mark

Beginner

Re: WAP4410N based WiFi network authentication

Hi Mark,

Thank you very much for the information. From what I gather from Cisco's

site, ACS is licensed and I don't know the cost. Do you know any freeware

to manage the Linksys WAP4410N? Please let me know.

Regards,

Biju.

Highlighted
Beginner

Re: WAP4410N based WiFi network authentication

Freeradius is the free RADIUS server in widest use and I think should work ok for AD, though I've not used it.  You should be able to google up some AD integration instructions.  Joining the user support mailing list is the best way to go for support on open source software.

Mark