04-29-2019 12:28 AM - edited 07-05-2021 10:17 AM
I have a Cisco WLC 3504 and an Ubuntu RADIUS server which works as the external RADIUS server.
I want the wireless clients to be authenticated using certificates. What will be the SSID security settings for this? Is there any documentation link for this?
04-29-2019 02:06 AM
Effectively, you need to do the following:
Add the RADIUS server to the WLC
Configure the WLAN for WPA2 Enterprise 802.1x authentication as per the WLC parts of this document:
Where it goes through ISE configurations, you need to configure your RADIUS server for EAP-TLS
Here is how FreeRADIUS does it:
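As an added illustration of the RADIUS side of the steps above (not part of the original post or of any linked document), here is a minimal EAP-TLS configuration sketch. It assumes FreeRADIUS 3.x with its default file layout; the client name, IP address, shared secret and certificate file names are placeholders.

```conf
# /etc/freeradius/3.0/clients.conf
# Register the WLC as a RADIUS client (NAS). All values are placeholders.
client wlc3504 {
    ipaddr = 192.0.2.10                  # WLC management interface (example address)
    secret = REPLACE_WITH_SHARED_SECRET  # must match the secret entered on the WLC
    require_message_authenticator = yes  # drop requests without Message-Authenticator
}

# /etc/freeradius/3.0/mods-available/eap
eap {
    # Offer EAP-TLS first, so clients authenticate with certificates
    default_eap_type = tls
    timer_expire = 60
    ignore_unknown_eap_types = no

    tls-config tls-common {
        # Server key and certificate presented to the wireless clients
        private_key_file = ${certdir}/server.key
        certificate_file = ${certdir}/server.pem

        # CA that issued the client certificates; only certificates
        # chaining to this CA are accepted
        ca_file = ${cadir}/ca.pem
        ca_path = ${cadir}

        # Reject revoked client certificates. This requires the CA's CRL
        # to be present (hashed) in ca_path, otherwise every login fails.
        check_crl = yes

        # Refuse legacy protocol versions
        tls_min_version = "1.2"
    }

    # EAP-TLS method using the shared TLS settings above
    tls {
        tls = tls-common
    }
}
```

Running the server in the foreground with `freeradius -X` while a client connects shows each EAP-TLS exchange and the reason for any certificate rejection.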
04-29-2019 01:18 AM
Hi Afroza,
Please refer to this: Configure-802-1x-PEAP-with-FreeRadius
04-30-2019 02:25 AM
Hello Haydn,
The solution has worked, thanks for your help.
I have another query: the RADIUS server expert says that they need 60s to verify the certificate and asked me whether there is any option in the WLC where I have to put a timer for this 60s certificate validation.
04-30-2019 03:06 AM
Glad I could help. Make sure you help others out by marking solutions as accepted solutions.
Around timeouts, 60 seconds is a very long time; from a client perspective, if it takes 60 seconds to authenticate I'm giving up or logging a ticket. Normally if the RADIUS server is in the same network segment as the WLC then for TLS I have never seen a requirement to go past 5 seconds.
There are also some best practices for EAP style authentications here: