Client Authentication Problem

amitesh.pandey1 · ‎08-06-2015

Hi All,

Can anyone tell me if i can change the method of authentication to PEAP from EAP on then WLC for a particular SSID. as my end client is having PEAP authentication but my radius is rejecting the Authentication stating that it is not matching with PEAP.

I am not finding the way where i can change the authentication type on WLC to EAP

Thanks in advance !

Ric Beeching · ‎08-10-2015

Hi Amitesh,

The WLC is the authenticator and therefore does not see what type of EAP authentication is used. That is determined by your client and the RADIUS server during what is known as an EAP-Type Request. On the WLC, you need to set the L2 Auth as 802.1x and this is enough to establish the initial communication between the supplicant (wireless client) and the RADIUS server.

If your server is configured for PEAP and your client is too then it should work.

Note: PEAP auth can come in two flavours but by far the most common is PEAP with MSCHAPv2. This requires a certificate to be setup on your RADIUS/NPS server to be used for securing communications. See the following links for help with this:

https://supportforums.cisco.com/sites/default/files/legacy/5/5/8/89855-Deploy%20a%20CA%20and%20NPS%20Certificate%20Server.docx

https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_with_WPA2-Enterprise#Example_RADIUS_Configuration_(Windows_NPS_.2B_AD)

-----------------------------
Please rate helpful / correct posts

Prakash Parvathala · ‎08-19-2015

Please check the following links

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/69730-eap-auth-wlc.html

http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/100590-ldap-eapfast-config.html

http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/99791-eapfast-wlc-rad-config.html