LDAP authentication on vWLC without ACS/ISE
08-31-2015 01:26 AM - edited 07-05-2021 03:51 AM
Am setting up the virtual Wireless LAN Controller. Have WPA2/PSK working fine. Am also trying to do a pretty vanilla user authentication against Active Directory via LDAP.
Should I be able to do LDAP user authentication just using the vWLC and AD servers?
In the past I've used ACS, but don't have it available here (or ISE).
Using software 8.1.111.0 and 2602 APs.
Thanks.
Labels: ISE

08-31-2015 01:46 AM
Web Authentication Using LDAP on Wireless LAN Controllers (WLCs) Configuration Example: http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/108008-ldap-web-auth-wlc.html
08-31-2015 03:12 AM
Thanks.
So it seems web authentication is the only mechanism that can use LDAP. Hence, LDAP not available with 802.1x WPA2 just using WLC?
From doc:
Note: Web authentication is not supported with 802.1x authentication. This means you cannot choose 802.1x or a WPA/WPA2 with 802.1x as the Layer 2 security when you use web authentication. Web authentication is supported with all other Layer 2 security parameters.
08-31-2015 11:34 PM
Got WPA2 / Web-auth with splash page working with LDAP authentication to back end AD server.
11-12-2015 07:00 PM
Hi Pkemp,
Did you get a way to configure WPA and AD/LDAP authentication without ACS?
Thanks,
Thuc
11-12-2015 07:11 PM
Hi Thuc. No. I tried, but could only get Web-auth working with LDAP, which we are now using.
11-12-2015 07:15 PM
Thanks for your reply. So, I found out about Local EAP Authentication on WLC without ACS. Did you try this one?
http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/100590-ldap-eapfast-config.html
Thuc
11-12-2015 07:36 PM
No. We wanted support for EAP-TTLS, which Local EAP apparently doesn't support.
11-12-2015 07:42 PM
Thank you for the advice.
Thuc
08-31-2015 10:41 AM
For proper step-by-step configuration, check below.
http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_0110001.html
