03-15-2013 05:02 PM - edited 07-03-2021 11:44 PM
Please help.
My client wants to test their new product with wireless authentication 802.1x EAP TTLS. They have a Cisco WLC 2504. Can you please confirm whether the Cisco WLC 2500 supports EAP TTLS and, if yes, how to configure it?
So far I have added the RADIUS TTLS server to my WLC. Under RADIUS on the WLC I added the RADIUS server IP and key and created a new SSID with 802.1x WPA+WPA2 (WPA policy2 and WPA encryption AES); after that, under the SSID's AAA servers, I selected the same server IP from the drop-down.
But the user tried and it didn’t work; also, we didn’t see any hit on the RADIUS server. Yes, the policy has been added on RADIUS.
My client wants to use TTLS instead of TLS because in TLS you have to use a client certificate on the client side, but in TTLS you can use a certificate on the client side but it is optional. So they want to stick with TTLS. But I am not seeing any documentation on TTLS with the Cisco WLC.
My Android phone, a Galaxy II, has a TTLS option under EAP 802.1x, so Android devices support TTLS.
03-16-2013 01:56 AM
It should work if the supplicant (user device) and the AAA server both support EAP-TTLS. The WLC should work with whatever EAP method is supported by both the supplicant and the AAA server.
You may use debug client
HTH
Amjad
Rating useful replies is more useful than saying "Thank you"
03-06-2022 06:35 AM
I believe that's because WLC simply doesn't support EAP-TTLS. I'm looking for this too instead of EAP-TLS, and it doesn't seem to offer this feature:
Should I get a more recent version of WLC software? Mine is 8.2.100.0.
03-06-2022 12:23 PM
I must correct my answer/question above: WLC doesn't seem to support EAP-TTLS for local EAP. As @Amjad Abdullah stated, EAP-TTLS will work if you're not involving the WLC directly, i.e. directly between RADIUS and a WPA supplicant.
03-06-2022 11:21 AM
Agree. If you don’t want to worry about client certificates, then use PEAP/MSCHAPv2; with any method you will still have to provision client devices (supplicants), for the most part, and your RADIUS server.
Moreover, there are client restrictions:
iOS clients won’t support TTLS with PAP unless you manually (via a computer) install a profile.
Windows clients won’t support TTLS out of the box, for the most part.
Android supports almost all combinations of EAP.