11-23-2010 07:54 PM - edited 07-03-2021 07:27 PM
Hi Cisco Support Community,
I need your kind assistance in assisting us on this issue. As for this case, we need to find out how to configure the display client name using Username instead of Roaming Identity.
We bought 2 units of AIR-WLC-4402-50-K9 from Cisco and hope someone from Cisco could assist with my question.
Is it possible to display client name using Username instead of Roaming Identity?
Is there any configuration that needs to be done in the WLC in order for the Username to be displayed in WCS?
Please refer to the screen shot.
Please help. Thank You.
Junhan
11-23-2010 11:52 PM
Hi,
This is a security design question. Methods using a TLS tunnel, like EAP-TTLS, EAP-PEAP, EAP-TLS, etc., build a tunnel and then authenticate inside.
The WLC only reads information about the outer tunnel. Usually the username there is "anonymous" or some other random username (= roaming identity). This username is not authenticated; it's just used to build the tunnel.
The WLC cannot read what is inside the tunnel because it forwards it to ACS (or another RADIUS server). Only ACS knows the real username of the user.
So WLC/WCS cannot figure out the username unless you put an outer identity equal to the real username of the client.
Hope this clarifies.
===
Don't forget to rate useful posts
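The outer/inner identity split described in the reply above, as an added example that is not part of the original thread: a pass-through authenticator's view of an EAP exchange, using the RFC 3748 packet layout. The sample packets, the user names and the `authenticator_view` helper are constructed for illustration, and the TLS payload is stand-in bytes, not a real handshake.

```python
import struct

# EAP codes and method type numbers (RFC 3748 / IANA EAP registry)
EAP_RESPONSE = 2
EAP_IDENTITY = 1
TLS_BASED = {13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}


def build_eap(code, ident, eap_type, data):
    """Build an EAP packet: Code, Identifier, Length, Type, Type-Data."""
    return struct.pack("!BBHB", code, ident, 5 + len(data), eap_type) + data


def parse_eap(packet):
    """Return (code, identifier, type, type_data), validating the length field."""
    if len(packet) < 5:
        raise ValueError("EAP packet too short")
    code, ident, length, eap_type = struct.unpack("!BBHB", packet[:5])
    if length < 5 or length > len(packet):
        raise ValueError("bad EAP length field")
    return code, ident, eap_type, packet[5:length]


def authenticator_view(packets):
    """What a pass-through authenticator (hypothetical helper) can learn."""
    view = {"username": None, "method": None, "opaque_bytes": 0}
    for pkt in packets:
        code, _, eap_type, data = parse_eap(pkt)
        if code != EAP_RESPONSE:
            continue
        if eap_type == EAP_IDENTITY:
            # Outer identity: cleartext, unauthenticated, chosen by the client.
            view["username"] = data.decode("utf-8", "replace")
        elif eap_type in TLS_BASED:
            # Tunnel traffic: relayed to the RADIUS server, never decrypted here.
            view["method"] = TLS_BASED[eap_type]
            view["opaque_bytes"] += len(data)
    return view


# Constructed sample: outer identity "anonymous", then one PEAP response whose
# payload is a flags byte plus a stand-in encrypted TLS record (type 0x17).
tls_record = b"\x17\x03\x03\x00\x10" + bytes(range(0xA0, 0xB0))
SAMPLE = [
    build_eap(EAP_RESPONSE, 1, EAP_IDENTITY, b"anonymous"),
    build_eap(EAP_RESPONSE, 2, 25, b"\x00" + tls_record),
]

if __name__ == "__main__":
    print(authenticator_view(SAMPLE))
```

The only name available to the authenticator is whatever the supplicant placed in the EAP-Response/Identity, so changing the displayed name means changing the outer identity in the client profile.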