04-29-2013 04:02 AM - edited 07-03-2021 11:59 PM
Dear Support team,
I would like to know if a Microsoft 2008 server RADIUS server could be used for authentication on a Cisco 5508 instead of Cisco ACS.
04-29-2013 04:32 AM
Absolutely it can. To the WLC it's just another AAA server
Sent from Cisco Technical Support iPhone App
04-29-2013 12:17 PM
Thanks Stephen.
Below is what I intend to achieve using that solution.
I have a Cisco 5508 set up and running with Cisco 3502 APs, with the same SSID.
However, I need to segment the network using 3 different VLANs:
1. VLAN 1: Students
2. VLAN 2: Visitors
3. VLAN 3: Staff
The students and visitors are not meant to log in to the corporate network; however, the staff are to log in using their Active Directory user name and password. How do I achieve this?
04-29-2013 12:24 PM
Pretty easy to do actually. If Staff is the only one using credentials, then when you configure the AAA servers do not check the Network User box, and specify the server in the Staff WLAN.
Then the students and guests won't be able to use it.
If you want the guests to use credentials, then you would want to return attributes 64/65/81 and force the VLAN assignment so that the Students do not get on the Staff VLAN.
http://technet.microsoft.com/en-us/library/cc772124(v=ws.10).aspx
HTH,
Steve
------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
05-01-2013 11:59 AM
You want to achieve it with just one SSID? I prefer one per VLAN in that case, with the proper authentication method.
I have no experience with one SSID, but if you like we can speak about the other solution ;)
Sent from Cisco Technical Support iPhone App
07-18-2013 09:01 AM
Hello Sebastian,
Let me know of your own solution using separate SSIDs for the different VLANs to be able to achieve the above solution.
Jude.
07-18-2013 11:11 AM
The only way this will work is if you're using 802.1x with the staff, student and guest. Of course I would assume they would be in separate OUs. The guest should have a different WLAN since it should be open and you can't do 802.1x. Staff and student you can.
You need to use AAA override:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml
Create a network policy in NPS:
http://technet.microsoft.com/en-us/library/cc772124(v=ws.10).aspx
Use RADIUS attributes to send the info back to the WLC:
http://technet.microsoft.com/en-us/library/cc754422(v=ws.10).aspx
Sent from Cisco Technical Support iPhone App
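As an added illustration (not part of the original posts, and not Cisco or Microsoft code), this Python example shows how the attributes 64/65/81 mentioned in the replies above are laid out in a RADIUS reply and how to check that a reply carries a complete VLAN assignment. The function names and the staff VLAN 3 sample are constructed, and it assumes attribute 81 carries a numeric VLAN ID.

```python
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_802 = 13, 6  # attribute values per RFC 2868 / RFC 3580


def _tlv(attr_type, value):
    # RADIUS attribute: 1-byte type, 1-byte total length, then the value
    return bytes([attr_type, len(value) + 2]) + value


def encode_vlan_attrs(vlan_id, tag=0):
    """Attribute TLVs a RADIUS server sends to place a client in vlan_id."""
    group = (bytes([tag]) if tag else b"") + str(vlan_id).encode("ascii")
    return (_tlv(TUNNEL_TYPE, bytes([tag]) + TYPE_VLAN.to_bytes(3, "big"))
            + _tlv(TUNNEL_MEDIUM_TYPE, bytes([tag]) + MEDIUM_802.to_bytes(3, "big"))
            + _tlv(TUNNEL_PRIVATE_GROUP_ID, group))


def parse_attrs(data):
    """Split a RADIUS attribute section into {type: value}; last one wins."""
    attrs, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        attr_type, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("bad attribute length")
        attrs[attr_type] = data[i + 2:i + length]
        i += length
    return attrs


def assigned_vlan(data):
    """VLAN ID if 64/65/81 are all present and consistent, otherwise None."""
    attrs = parse_attrs(data)
    t, m, g = (attrs.get(k) for k in
               (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID))
    if t is None or m is None or not g or len(t) != 4 or len(m) != 4:
        return None
    if int.from_bytes(t[1:], "big") != TYPE_VLAN:
        return None
    if int.from_bytes(m[1:], "big") != MEDIUM_802:
        return None
    if g[0] <= 0x1F:          # optional RFC 2868 tag byte before the string
        g = g[1:]
    text = g.decode("ascii", errors="replace")
    if not text.isdigit() or not 1 <= int(text) <= 4094:
        return None
    return int(text)


# Constructed sample: the reply attributes for a staff user mapped to VLAN 3.
STAFF_REPLY = encode_vlan_attrs(3)
```

Running `assigned_vlan` over the attribute section of a captured Access-Accept is a quick way to confirm that a network policy returns all three attributes before relying on AAA override for segmentation.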
07-21-2013 06:43 PM
You can also use LDAP to integrate AD with the WLC. The link below describes the procedure.
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a03e09.shtml
If you are using IAS or NPS as your RADIUS server the below post will help you.