04-24-2014 07:05 AM - edited 07-05-2021 12:44 AM
Hi
I have a Cisco WLC 4400 and a Juniper IC, which works as the external RADIUS server.
I want the wireless clients to be authenticated using certificates. I know the Juniper IC can understand certificates.
My question is: can the Cisco WLC understand that the information being presented to it by the client is not a username/pwd but a user certificate?
I have also looked at this article:
What I don't understand here is the need for the WLC to authenticate the user with his credentials by LDAP when it has authenticated the user cert.
All your help is appreciated.
04-24-2014 09:14 AM
Hi,
Since you use an external RADIUS server, you don't have to worry about this.
The only config that you need to do on the WLC is to define the RADIUS server under Security-AAA-Radius-Authentication and on your WLAN-Security-AAA.
The doc you refer to is only for Local Radius on WLC.
Hope this helps
Regards,
Christos
04-24-2014 12:25 PM
OK.
So we can define an SSID in the WLC with WPA-2 enterprise as security.
Also, what certificates need to be uploaded to the WLC?
Can you point me to a document with my kind of use case scenario?
Your help would be appreciated.
04-24-2014 01:15 PM
04-24-2014 01:24 PM
I did the same thing initially.
I have a user cert on my machine and a root cert on the Juniper IC.
When I tried connecting to the SSID, I got an error saying "the cert required to join this SSID is not available on the machine".
Hence, I was wondering if any certs are required on the WLC.
04-24-2014 01:32 PM
You should have a user cert and a root CA cert on the client's PC and the AAA server.
Search how EAP-TLS works on the Juniper server.