Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2011
Views
4
Helpful
9
Replies

LDAP authentication on vWLC without ACS/ISE

pkemp
Level 1
Level 1

‎08-31-2015 01:26 AM - edited ‎07-05-2021 03:51 AM

Am setting up the virtual Wireless LAN Controller. Have WPA2/PSK working fine. Am also trying to do a pretty vanilla user authentication against Active Directory via LDAP. 

Should I be able to do LDAP user authentication just using the vWLC and AD servers?

In the past I've use ACS, but don't have it available here (or ISE).

Using  software 8.1.111.0 and 2602 APs.

Thanks.

Peter
Labels:
0 Helpful
9 Replies 9

mohanak
Cisco Employee
Cisco Employee

‎08-31-2015 01:46 AM

Web Authentication Using LDAP on Wireless LAN Controllers (WLCs) Configuration Example : http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/108008-ldap-web-auth-wlc.html

0 Helpful

pkemp
Level 1
Level 1
In response to mohanak

‎08-31-2015 03:12 AM

Thanks.

So it seems web authentication is the only mechanism that can use LDAP. Hence, LDAP not available with 802.1x WPA2 just using WLC?

From doc:

Note: Web authentication is not supported with 802.1x authentication. This means you cannot choose 802.1x or a WPA/WPA2 with 802.1x as the Layer 2 security when you use web authentication. Web authentication is supported with all other Layer 2 security parameters

Peter
0 Helpful

pkemp
Level 1
Level 1
In response to pkemp

‎08-31-2015 11:34 PM

Got WPA2 / Web-auth with splash page working with LDAP authentication to back end AD server.

 

Peter
0 Helpful

Nguyen KeThuc
Level 1
Level 1
In response to pkemp

‎11-12-2015 07:00 PM

Hi Pkemp,

Did you get a way to configure WPA and AD/LDAP authentication without ACS?

Thanks,

Thuc

0 Helpful

pkemp
Level 1
Level 1
In response to Nguyen KeThuc

‎11-12-2015 07:11 PM

Hi Thuc. No. I tried, but could only get Web-auth working with LDAP, which we are now using.

Peter

Nguyen KeThuc
Level 1
Level 1
In response to pkemp

‎11-12-2015 07:15 PM

Thanks for your reply. So, I find out Local EAP Authentication on WLC without ACS. Do you try this one?

http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/100590-ldap-eapfast-config.html 

Thuc

0 Helpful

pkemp
Level 1
Level 1
In response to Nguyen KeThuc

‎11-12-2015 07:36 PM

No. We wanted support for EAP-TTLS, which Local EAP apparently doesn't support.

Peter
0 Helpful

Nguyen KeThuc
Level 1
Level 1
In response to pkemp

‎11-12-2015 07:42 PM

Thanks you for advice.

Thuc

0 Helpful

gohussai
Level 4
Level 4

‎08-31-2015 10:41 AM

For proper Step by Step Configuration ,check below.

 

 

http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_0110001.html

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card