Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1835
Views
25
Helpful
4
Replies

How to configure WLC 2500 with authentication 802.1x EAP TTLS

Tarjeet Singh
Level 1
Level 1

‎03-15-2013 05:02 PM - edited ‎07-03-2021 11:44 PM

Please help.

My client wants to test their new product with wireless authentication 802.1x EAP TTLS. They have CISCO WLC 2504. Can you please confirm if CISCO WLC 2500 support EAP TTLS, if yes then how to configure.

So far I have added Radius TTLS server into my WLC.  Under Radius on WLC added radius server IP and key and created new SSID 802.1x WPA+WPA2 ( WPA policy2 and WPA encryption AES) after that under SSID AAAservers selected drop down same server IP.

But user tried and didn’t work also we didn’t see any hit on radius server. Yea policy has added on radius.

My client wants to use TTLS instead of TLS because in TLS you have to use client certificate on client side but on TTLS you can use certificate on client side but it is optional. So they want to stick with TTLS. But I am not seeing any documentation on TTLS with cisco WLC

My android phone galaxy II has TTLS option under EAP 802.1x, so android devices support TTLS.

1 person had this problem
Labels:
0 Helpful
4 Replies 4

Amjad Abdullah
VIP Alumni
VIP Alumni

‎03-16-2013 01:56 AM

It should work if both supplicant (user device) and the AAA server both support EAP-TTLS. The WLC should work with whatever EAP method that is supported by both supplicant and AAA server.

You may use debug client on the WLC to troubleshoot further if you still have no hits on the AAA server.

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"

Hoggins
Level 1
Level 1

‎03-06-2022 06:35 AM

I believe that's because WLC simply doesn't support EAP-TTLS. I'm looking for this too instead of EAP-TLS, and it doesn't seem to offer this feature:

Capture d’écran de 2022-03-06 15-33-00.png

Should I get a more recent version of WLC software? Mine is 8.2.100.0.

Hoggins
Level 1
Level 1
In response to Hoggins

‎03-06-2022 12:23 PM

I must correct my answer/question above: WLC doesn't seem to support EAP-TTLS for local EAP. As @Amjad Abdullah stated, EAP-TTLS will work if you're not involving WLC directly, ie. directly between RADIUS and a WPA supplicant.

ammahend
VIP Alumni
VIP Alumni

‎03-06-2022 11:21 AM

Agree, If you don’t want worry about client certificates then use PEAP/MsCHAPV2, in any method you will still have to provision client devices (supplicant) for most part and your radius server. 
Moreover their are client restrictions
iOS clients won’t support TTLS with PAP unless you manually (via a computer) install a profile.

Windows clients won’t support TTLS out-of-box for most part
Android support almost all combinations of EAP.

 

-hope this helps-
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card