We have Cisco APs set up around our building. We also have a Cisco ACS server set up. Some of our domain users are able to go to our customers' sites, which are on different domains, and use their work laptops to gain access to their own domains. I know the customers are using RADIUS and Aruba.
I have been asked if we can allow customers to come to this office and allow them to log onto their laptops, connect remotely through our wireless and let them connect to their domain.
I believe this is possible through the ACS server. The ACS server would have the customer domain name configured in user and identity, RADIUS identity servers. The user would log in and authenticate and would be directed through a different VLAN to the customer AD. Unfortunately I am not an expert on the ACS and to be honest this is the first time that I have ever used this or set up wireless.
I have set up a test AP that is connected to the ACS. We have a Windows 7 laptop that is not on the corporate domain that I am having issues connecting to the ACS.
The first problem was that the ACS sees the laptop and issues a certificate error -
I am currently going through the ACS manual. I understand that the ACS needs to authenticate the host (laptop) first. I will be using the external identity store as the laptop is not on the corporate domain; I cannot use LDAP, AD, RSA as an external identity store.
My questions are below and I would be grateful for any feedback.
1. Can I use the RADIUS Identity Server?
2. Would I need to use certificates as well as an external identity store, or can I use just the one?