Display Username instead of Roaming Identity in WCS

cjunhan99 · ‎11-23-2010

Hi Cisco Support Community,

I need your kind assistance in assisting us on this issue. As for this case, we need to find out how to configure the display client name using Username instead of Roaming Identity.

We brought 2 units of AIR-WLC-4402-50-K9 from Cisco and hope someone from Cisco could assist on my question.

Is it possible to display client name using Username instead of Roaming Identity?

Is there any configuration need to be done in WLC in order for the Username to be displayed in WCS?

Please refer to the screen shot.

Please help. Thank You.

Junhan

Nicolas Darchis · ‎11-23-2010

Hi,

This is a security design question. Methods using TLS tunnel like EAP-TTLS, EAP-PEAP,EAP-TLs, etc ... build a tunnel and then authenticate inside.

The WLC only reads information about the outer tunnel. usually the username there is "anonymous" or some other random username (=roaming identity). This username is not authenticated, it's just used to build a tunnel.

WLC cannot read what is inside the tunnel because it forwards it to ACS (or radius server). Only ACS knows the real username of the user.

So WLC/WCS cannot figure out the username unless you put an outer identity equal to the real username of the client

Hope this clarifies

===

Dont' forget to rate useful posts