
WLC C9800 SSID authentication via Active Directory

Hi Gents,

I have a C9800-L-F-K9 WLC in an HA setup running IOS-XE version 16.12.4a. The setup is working fine and users can join SSIDs normally using L2 security and a password.

I simply need the users to authenticate to a certain SSID using their Active Directory domain account. I can't find a straightforward document describing the procedure, and I tried some information from the config guide with no luck, as it's not clear at all.

So I would appreciate it if anyone can share the needed procedure to accomplish this goal.


Sandeep Choudhary
VIP Alumni

Hi Sandeep,

But we don’t have an ISE server in our setup, just the wireless controller and the AD server.

Hi Ahmed,

Do you have a RADIUS server? You can use FreeRADIUS; it's free and you can use it with AD for authentication.

Hi Moritz,

I don't have a RADIUS server. Please give me some hints on using FreeRADIUS with AD: how will the setup go, and what config is needed on the C9800 in this case?

Scott Fella
Hall of Fame

I would recommend you use a RADIUS server just because you have more flexibility. However, if you want to use LDAP, here is a guide that can help you. Just search around and you will probably find more.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/config-guide/b_wl_16_10_cg/secure-ldap.html

-Scott
*** Please rate helpful posts ***

Hi Scott,

I came across the guide, but unfortunately it's not clear enough, and the setup is still not working and keeps giving me "authentication failed".

There is not much anyone can do but provide reference guides. Like what was mentioned earlier, using a RADIUS server is the best way to do this, but that is not for beginners. When doing something like LDAP or RADIUS, it’s trial and error, especially when you are not familiar with it. All I can say is, keep looking at other guides or blogs and test. Every environment is different, and there can be issues on the LDAP side too, for which you need someone with experience there.
-Scott
*** Please rate helpful posts ***

sejamc71
Level 1

The link provided below is very straightforward and simple. It provides both GUI and CLI commands. The tricky part is actually configuring the RADIUS portion on a Windows server. All you really need on the WLC side is a server running RADIUS. You're just specifying 802.1X auth and pointing it to your RADIUS server, essentially. The WLC will send all authentications for the applicable SSID to your Windows server.

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213919-configure-802-1x-authentication-on-catal.html
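The WLC-side pieces described in the reply above (a RADIUS server entry, a server group, an 802.1X method list, and a WLAN pointed at that list), as an added IOS-XE CLI example that is not from the thread or copied from the linked guide. Every name, the address 192.0.2.10, the WLAN ID and the bracketed values are placeholders, and it assumes a RADIUS server that validates users against Active Directory is already reachable from the controller.

```text
! Added example: all names, addresses and IDs below are placeholders.
configure terminal
 aaa new-model
 !
 ! 1. Define the RADIUS server that checks credentials against AD.
 !    The shared secret must match the client entry created for the
 !    WLC on the RADIUS server.
 radius server RADIUS-1
  address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
  key <shared-secret>
 !
 ! 2. Put the server in a group so more servers can be added later.
 aaa group server radius RAD-GRP
  server name RADIUS-1
 !
 ! 3. 802.1X method list that sends authentications to that group.
 aaa authentication dot1x DOT1X-LIST group RAD-GRP
 !
 ! 4. New WLAN for the AD-authenticated SSID. A newly created WLAN
 !    defaults to WPA2 with 802.1X key management, so only the
 !    authentication list has to be attached.
 wlan CORP-DOT1X 5 CORP-DOT1X
  security dot1x authentication-list DOT1X-LIST
  no shutdown
 !
 ! 5. Map the WLAN to a policy profile in the policy tag the APs
 !    already use, otherwise the SSID is not broadcast.
 wireless tag policy <existing-policy-tag>
  wlan CORP-DOT1X policy <existing-policy-profile>
 end
!
! Checks after a client attempts to join:
show wlan name CORP-DOT1X
show aaa servers
```

If `show aaa servers` shows requests going out with no accepts coming back, the failure is on the RADIUS or AD side (client entry, shared secret, network policy), not in the WLAN configuration.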
