Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2091
Views
0
Helpful
2
Replies

EAP-TLS Authentication with FlexConnect and RADIUS

Tobias Ebel
Level 1
Level 1

‎07-02-2013 03:16 AM - edited ‎07-04-2021 12:19 AM

Hi,

there is a Cisco 2504 wlc which manages several 2602 access points.

The access points are configured in FlexConnect mode with local bridiging enabled for some SSIDs.

One SSID is configured for EAP-TLS authentication via RADIUS to Microsoft NPS server and AD integrated CA.

This setup is working fine so far. But the RADIUS authentication is done by the wlc. I would like the access points to do the RADIUS authentication instead of the wlc. Is that possible and how can I achieve this?

Regards,

Tobias

Labels:
0 Helpful
2 Replies 2

stefan.angerer
Level 1
Level 1

‎07-02-2013 12:24 PM

Hi Tobias,

you need to enable FlexConnect Local Authentication on the SSID (advanced settings).

Typically you put the FlexConnect APs in a Flex Group and assign the RADIUS servers there (but don't enable "Local Authentication" on the group, it's a totally different feature!), but you could also configure AAA servers on a per AP basis using CLI.

http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_flexconnect.html#wp1225434

Regards

Stefan

0 Helpful

Saurav Lodh
Level 7
Level 7

‎07-09-2013 11:04 PM

Please follow "Configuring an Access  Point for Local Authentication on a WLAN (GUI)" in the following  link

http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/flexconnect/config_flexconnect_chapter_01.html

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card