I have a 2500 WLC that i have just configured.
I want to set up WLAN authentication using 802.1x using our 2012 R2 NPS server.
Does anyone have a step by step guide?
For WLC configuration you dont need a guide. The steps is pretty simple and I´ll guide you:
First you go to the SECURITY tab and under aaa > RADIUS> Authentication you can create a new Authentication server.
Basically you configure an IP address and Shared Secret.
Second you go to the WLAN tab e select the WLAN you want to setup.
On Security tab, AAA servers you can drop down and select the server you just created on the SECURITY Tab.
If you did not change in Layer 2 Tab, still under security, it is already checked 802.1X on "Authentication Key Management". Otherwise, you need to check that.
This is pretty much what you need in terms of RADIUS configuration on the WLC.
If you need futher assistence, please let me know.
Flavia has explained the WLC part , which is fairly straightforward. WLC just knows that the authentication part is being handled by someone else. That's it.
In addition to that, here is the step by step guide for the Server side config:
This guide is for 2008 server , but should hold equally useful for 2012.
Hi, sorry I know this an older post but I have been trying to configure radius using the same method as here using WinRadius as the server. I believe it is partially working as when I try to connect to the WLAN it asks for a username and password, which I enter, but the WinRadius server just says "User (usename) authenticate failed" where username is the username I entered. The password I enter is not wrong and the WinRadius server is working as i can log into the cli using the users on the radius server. Any ideas?
First, make sure you are not facing a client problem. You can test from the WLC:
test aaa radius username <user name> password <password> wlan-id <wlan-id> ap-group <apgroup-name> server-index
If you get success on this test from the WLC, then you know that the client is the problem. If this test also fail then you know that the problem may be the Radius Server.
This command also : test aaa show radius
Lastly, you can run 'debug client 'mac address'' and try to see what is going on.
-If I helped you somehow, please, rate it as useful.-