Guest User Authentication

mark-wise
Level 1

Has anyone used a 9800-40 as a "Radius Server" to authenticate guest users on the wireless guest SSID? We have a situation where we need to migrate off of Prime. We currently use Prime to create and manage all guest users by our help desk and local IT for all our regional locations.  The Anchor controller resides in the DMZ and Security has forbidden the Help Desk and the local IT to have access to the Anchor. As the Foreign controller is permitted such access, I was thinking we could leverage it as the Radius server from the Anchor. We have done some initial configurations and testing. The Web-Auth pages present and accept the UN/PW but fail to complete the authentication. Any thoughts/suggestions would be greatly appreciated.

2 Accepted Solutions

marce1000
Hall of Fame

- You can't use 9800 controller(s) as (native) radius servers,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

@mark-wise 

 Cisco WLC works for local EAP only. It will not work as radius for remote guest users.

8 Replies

Check if CoA port 1700 is open from both sides.

MHM

Currently, all ports are permitted between Anchor and Foreign controllers.

https://www.netprojnetworks.com/ccie-enterprise-wireless-v1-0-4-4-guest-management-4-4-b-central-web-authentication/

I don't know why they say you cannot; if I have an anchor, sure I can use CWA.

Check the link.

Only make sure the port is open and do the config as listed in the link.

Thanks 

MHM

He's not asking about using CWA, he's asking about using 9800 as radius server @MHM Cisco World.
The example you linked is using ISE for radius, not 9800.

He mentions guest but doesn't mention if he uses CWA or LWA.

MHM

Rich R
VIP
VIP

As Marce and Flavio have pointed out you can only use it for local EAP, not as a radius server.  For local EAP see:
https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/215026-local-eap-authentication-on-catalyst-980.html
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-12/config-guide/b_wl_17_12_cg/local-extensible-auth-protocol.html
