10-13-2011 03:25 AM - edited 07-03-2021 08:55 PM
Currently we have a single Cisco 5508 setup for corporate access backed off to ACS and Active Directory.
Guest access is using the NAC Guest server with web auth.
The requirement is for a new SSID and to use the guest interface, so corporate users can authenticate at the network level against the AD db so they can use non-corporate devices (i.e. iPhone, Android, tablets).
This does not work at the moment because the client requires a certificate from AD.
Is there a way to do this?
Thanks
Garry Cooper
ICT Technical Analyst (Lan & Wan)
10-13-2011 04:27 AM
Are you trying to prevent iPhone, Android, tablets from accessing the network using the guest WLAN?
10-13-2011 05:56 AM
No.... I want to allow these devices to connect using their AD credentials, so semi trusted clients.
They will connect to a different SSID but use the guest interface.
10-13-2011 07:36 AM
What security type do you use with the client, LEAP/PEAP?
10-13-2011 10:27 AM
On the ACS, if you allow for PEAP it should work. Most 'i' devices will reach and pull the cert if they need it, but per the standard the cert is not needed on the client for PEAP, and droid devices should be able to connect to PEAP as well.
HTH,
Steve
----------------------------------------------------------------------------------------------------------
Please remember to rate helpful posts or to mark the question as answered so that it can be found later.
10-14-2011 03:31 AM
Thanks for pointing me in the right direction.
PEAP works great.
All sorted.
Thanks
Garry