Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1246
Views
10
Helpful
8
Replies

[ASK] Does Cisco WLC 5508 support config AD with Windows Server 2016 FFL?

williammanurung
Level 1
Level 1

‎06-09-2020 01:41 AM - edited ‎07-05-2021 12:09 PM

Hi Everyone,

 

I want to upgrade my active directory to windows server 2016 forest functional level, then is it possible for my wlc configure radius server authentication to active directory windows server 2016?

 

Best regards,

 

William

 

Labels:
0 Helpful
8 Replies 8

Rafael E
Cisco Employee
Cisco Employee

‎06-09-2020 04:48 AM

If you want to use AD as your user database you need a RADIUS server in between so that RADIUS manages the communication with Active directory. 

WLC does not support that communication. 

Saludos,
Rafael - TAC
0 Helpful

williammanurung
Level 1
Level 1
In response to Rafael E

‎06-09-2020 05:57 AM

Hi rafael,

 

So, can we only configure radius server on SSID configuration in WLC?

I mean, maybe there are any other requirement compatibility matrix between windows server 2016 FFL with cisco WLC 5508?

 

William

0 Helpful

Jurgens L
Level 3
Level 3
In response to williammanurung

‎06-09-2020 06:17 AM

You can use the Windows NPS services to be your RADIUS server and integrate this with your WLC. There are many examples on the internet and it all depends on what type of EAP authentication you want to use. Below is an example of using PEAP authentication.
https://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/115988-nps-wlc-config-000.html
0 Helpful

Rafael E
Cisco Employee
Cisco Employee
In response to williammanurung

‎06-09-2020 06:36 AM

there isn't from WLC perspective i would not even know that RADIUS is taking the credentials from AD. that is a communication between RADIUS and your AD. 

Saludos,
Rafael - TAC
0 Helpful

Jurgens L
Level 3
Level 3
In response to Rafael E

‎06-09-2020 06:51 AM

The reason why I suggested to take the NPS path as the WLC won't be able to do this task.
0 Helpful

Daniel Ordóñez Flores
VIP
VIP

‎06-09-2020 06:49 AM

Hi @williammanurung 

Until a couple of days ago I thought the same that Rafael, "you need a Radius Server" but the truth is you don´t. I just deploy a 5508 (8.5.161.) without a radius server. I just follow this post:

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/211277-WLC-with-LDAP-Authentication-Configurati.html

 

Actually  I got the answer for a TAC Engineer because I thought I need to configure NPS service on one 2012 server, but actually, AD and WLC can communicate directly, is no the best option, but they can

 

Regards 

Espero que la información haya sido útil y si no tienes más preguntas recuerda cerrar el topic, seleccionando la respuesta como "Respuesta correcta"
**Please rate the answer if this information was useful***
**Por favor si la información fue util marca esta respuesta como correcta**

williammanurung
Level 1
Level 1
In response to Daniel Ordóñez Flores

‎06-14-2020 01:47 AM

Hi @Daniel Ordóñez Flores 

 

What version Windows Server do you use?

 

0 Helpful

patoberli
VIP Alumni
VIP Alumni
In response to williammanurung

‎06-15-2020 07:07 AM

I suggest you install the NPS Role with the Radius feature on a Windows Server for this, as this will allow you way more functionality. You can also do it with LDAP, but you will have some limitations.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card