cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2462
Views
5
Helpful
1
Comments
Stephen Rodriguez
Cisco Employee
Cisco Employee

Introduction:

This document covers configuring the Microsoft IAS for guest access. It does not cover configuring the Wireless LAN Controller.

Background:

The controller sends an access request with an authentication type of PAP. We expect to receive back an access-accept as well as a service type indicating the level of access.

Configuration:

1. Create a new policy, using custom policy. Do not use the wizard and select wireless, as this will try to enable an EAP type:

Step1.jpg

2. Modify the Policy conditions to authentication = PAP, and Windows-Group Matches = the OU for the guest users:

IAS2.jpg

NOTE: this assumes you have PAP configured on the controller under Controller->General->Web Radius Authentication. It may be changed to other methods.

3. Select Grant remote access permission as shown in previous picture

4. Under the Authentication tab, remove all methods except for Unencrypted:

IAS4.jpg

5. Under the encryption tab, uncheck all boxes except for No encryption:

IAS5.jpg

6. Finally under the advanced tab, set the Service-Type to be Login:

IAS6.jpg

Comments
ESIGO1_2
Level 1
Level 1

This is a REALLY well written doc.

Thanks for you work!

e

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: