10-14-2009 01:14 PM - edited 07-03-2021 06:09 PM
Not sure if this has been asked or covered.
We have a 2106 (running 4.2.205.0). I was wondering if there was a way to setup a WLAN that uses Web Authentication, where that would use a RADIUS server to authenticate the user instead of having to manually create 'Local net Users' for each user? Basically I want the Web Authentication to look at the RADIUS server instead of the Local Net Users.
10-14-2009 01:26 PM
Using the Web Authentication feature on a Cisco wireless LAN controller, we can authenticate a guest user on the wireless LAN controller, on an external web server or on an external database on a RADIUS server. We can configure the wireless LAN used for guest traffic to authenticate the user from an external RADIUS server.
To enable an external RADIUS server to authenticate traffic using the GUI, follow this link.
10-14-2009 02:47 PM
Ah, ok. I had everything set up correctly, just the policy I have on my IAS server wasn't allowing it. The policy I have (MS IAS server) forces a NAS-Port-Type of "Wireless - IEEE 802.11 or Wireless - Other" and well as forced it to use MS-CHAPv2 for Authentication. I noticed that when the log in was passed to the IAS server, it was showing "NAS-Port-Type: Not present" and using PAP for authentication. I had to create a 2nd RADIUS policy with to match these requirements in order for it to connect. Any reason why it would use PAP and any way to change that?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide