10-04-2017 05:44 PM - edited 07-05-2021 07:43 AM
Hey,
I have a 2500 WLC that I have just configured.
I want to set up WLAN authentication using 802.1x using our 2012 R2 NPS server.
Does anyone have a step by step guide?
Thanks
10-04-2017 07:21 PM
Hello,
For WLC configuration you don't need a guide. The steps are pretty simple and I'll guide you:
First you go to the SECURITY tab and under AAA > RADIUS > Authentication you can create a new Authentication server.
Basically you configure an IP address and Shared Secret.
Second you go to the WLAN tab and select the WLAN you want to set up.
On Security tab, AAA servers you can drop down and select the server you just created on the SECURITY Tab.
If you did not change anything on the Layer 2 tab, still under Security, 802.1X is already checked under "Authentication Key Management". Otherwise, you need to check that.
This is pretty much what you need in terms of RADIUS configuration on the WLC.
If you need further assistance, please let me know.
10-09-2017 02:46 AM
Hi Wee,
Flavia has explained the WLC part, which is fairly straightforward. WLC just knows that the authentication part is being handled by someone else. That's it.
In addition to that, here is the step by step guide for the Server side config:
This guide is for 2008 server, but should hold equally useful for 2012.
Cheers,
Manish
07-11-2018 01:13 AM
Hi, sorry I know this is an older post but I have been trying to configure RADIUS using the same method as here using WinRadius as the server. I believe it is partially working as when I try to connect to the WLAN it asks for a username and password, which I enter, but the WinRadius server just says "User (username) authenticate failed" where username is the username I entered. The password I enter is not wrong and the WinRadius server is working as I can log into the CLI using the users on the RADIUS server. Any ideas?
07-11-2018 03:41 AM
Hi
First, make sure you are not facing a client problem. You can test from the WLC:
test aaa radius username <user name> password <password> wlan-id <wlan-id> ap-group <apgroup-name> server-index
If you get success on this test from the WLC, then you know that the client is the problem. If this test also fails then you know that the problem may be the Radius Server.
This command also: test aaa show radius
Lastly, you can run 'debug client 'mac address'' and try to see what is going on.
-If I helped you somehow, please, rate it as useful.-
07-11-2018 09:35 AM - edited 07-11-2018 09:39 AM
07-11-2018 09:43 AM - edited 07-11-2018 09:44 AM
07-12-2018 07:52 AM
07-15-2018 09:37 AM
07-15-2018 11:39 PM
08-02-2018 07:11 PM
08-06-2018 12:38 AM