
802.1x authenticated access of APs with WLC

Alan Douglas
Level 1

Hi there

I have a Cisco 2504 WLC with 1600 and 1700 series access points.

For several reasons we have to put authentication controls on APs in a certain part of our office. We use 802.1x LAN authentication with Windows 2008 RADIUS servers backed on to Active Directory.

When I've added non-Windows kit for LAN authentication before, I've always had to add @domain.name at the end of the username and password to the username for it to authenticate against AD.

If I try and add a username in that format into the 802.1x supplicant section for the access point on the WLC, it refuses to add the @.

I get the error

blanks only number, illegal characters are not allowed in the username

Does anyone know if there's a workaround for this?

It's hard to tell if this should or should not work. I've seen documentation for other Cisco APs that suggests @ should be legal at the AP level, so I'm not sure if it's that or a controller issue.

Any suggestions appreciated

1 Reply

Freerk Terpstra
Level 7

Cisco access-points only support EAP-FAST to authenticate themselves against the network infrastructure. Sadly, EAP-FAST is not supported within Microsoft's NPS implementation. I'm afraid that the only way for you to get this going is with the use of MAB, which is less secure and a pain to configure within NPS. Another solution (again less secure) might be to configure sticky port-security for the interfaces on which access-points are connected.

Please rate useful posts... :-)
