Joseph Vasanth Louis is a Software Engineer (CCIE Wireless #40860) in the Wireless Engineering Team. In this video series, Joseph explains "How to configure 802.1X/EAP using External server, Local radius server and LDAP" on Converged Access (Cisco 5760 WLC and Cisco Catalyst 3850).
802.1X/EAP can be configured using an external AAA server or the local RADIUS server built into the controller. The configuration is a bit different from that of the WLC because on the NGWC device you have to create a RADIUS server, map it to a server group, map the group to a method list, and call the method list on the WLAN.
In the case of LDAP, LDAP is used only for authorization; authentication is done at the local RADIUS server. The video gives the steps for configuring the LDAP server groups and method lists for this.
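The external-server chain described above, as an added configuration example that is not taken from the videos or from Cisco's own material. The names EXT-RADIUS, EXT-RADIUS-GROUP, EXT-DOT1X and CORP-DOT1X, the address 192.0.2.10, WLAN ID 1, VLAN 100 and the shared-secret placeholder are all assumptions.

```cisco
! Added example: names, address, VLAN and key are placeholders (assumptions).
aaa new-model
!
! 1. Create the RADIUS server.
radius server EXT-RADIUS
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <shared-secret>
!
! 2. Map the server to a server group.
aaa group server radius EXT-RADIUS-GROUP
 server name EXT-RADIUS
!
! 3. Map the group to a dot1x authentication method list.
aaa authentication dot1x EXT-DOT1X group EXT-RADIUS-GROUP
!
! Enable 802.1X globally.
dot1x system-auth-control
!
! 4. Call the method list on the WLAN.
wlan CORP-DOT1X 1 CORP-DOT1X
 client vlan 100
 security dot1x authentication-list EXT-DOT1X
 no shutdown
```

If the method-list name on the WLAN does not match the one defined in step 3, clients fail authentication even though the server and group are correct, so check that name first when troubleshooting.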
Brief introduction to Converged Access mode on the Cisco 5760 Wireless LAN Controller and Cisco Catalyst 3850:
Unified Access CT5760 Wireless Controller
The CT5760 Wireless LAN Controller (WLC) is the first Cisco IOS® software-based controller built with smart ASIC intended to be deployed as a centralized controller in the next generation unified wireless architecture. CT5760 controllers are specifically designed to function like the older unified model central wireless controllers. They also support the newer Mobility functionality with Next Generation Wireless Controllers 3850 switches in the wireless architecture.
CT5760 controllers are deployed behind a core switch/router. The core switch/router is the only gateway into the network for the controller. The uplink ports connected to the core switch can be configured as EtherChannel trunk to ensure port redundancy.
This new controller is an extensible, high-performance wireless controller that can scale up to 1000 access points (APs) and 12,000 clients. The controller has six 10 Gbps data ports.
As a component of the Cisco Unified Wireless Network, the 5760 series works in conjunction with Cisco Aironet Access Points, the Cisco Prime Infrastructure, and the Cisco Mobility Services Engine to support business-critical wireless data, voice, and video applications.
Unified Access Catalyst 3850 Switches
The Unified Access Catalyst 3850 switch is flexible ASIC-based hardware that can support multiple protocols and has many advantages over the current hardware platform. The Catalyst 3850 switch has integrated hardware-based wireless support with Control and Provisioning of Wireless Access Points (CAPWAP) and fragmentation. It also has 40 GB of uplink bandwidth when all ports function at line rate.
The next-generation Cisco Catalyst 3850 Switch meets the current and future demands of enterprise access-layer networks. As these networks incorporate ever more technologies, they must be secure, scalable, and resilient. The Cisco Catalyst 3850 Switch offers operational simplicity, scalability, and superb performance. The new Cisco StackWise-480 stack architecture delivers the industry’s best-in-class stack bandwidth and resiliency.
The Cisco Catalyst 3850 Switch supports the powerful next-generation Cisco IOS XE Software. The modular Cisco IOS XE Software architecture enables rich, scalable, and cost-effective integrated borderless networking services.
The Cisco Catalyst 3850 Switch is the first stackable access-layer switch that provides both wired and wireless services on a single Cisco IOS XE Software-based platform.
Configuring Local Auth with WPA2/ DOT1X on Converged Access
Configuring LDAP with WPA2 DOT1X on Converged Access
Configuring WPA2 - Dot1x on Converged Access
Configure 802.11r WLAN using CLI and GUI on Converged Access (5760 WLC and Catalyst 3850) Video series by Karthickeyan Prabanandhan: