11-27-2015 01:06 PM - edited 07-05-2021 04:19 AM
I'm deploying a new Cisco wireless infrastructure using a WLC 2504 and 3702I access points. The corporate users might connect to the Wi-Fi network using their Windows domain credentials. Because of this, we configured an LDAP profile on the WLC to authenticate directly against the domain server.
We configured the LDAP and EAP profiles on the WLC and manually added a profile on a corporate laptop to connect to the Wi-Fi using 'WPA2-Enterprise' and 'Cisco:PEAP' as the authentication method. The connection works OK, and the client can connect to the wireless network and has access to the internet and local resources. At this point everything works fine.
On the other hand, we should create a Wireless Policy on the domain controller to extend the working configuration to the other laptops in the domain. We tried to create the Wireless Network Policy on the Windows server, but in the SSID's "New Profile properties", when you select 'WPA2-Enterprise', only 2 profiles are listed under the option 'select a network authentication method': 1 'Microsoft: Smart Card or other certificate' and 2 'Microsoft: Protected EAP (PEAP)'. The Cisco methods (Cisco:LEAP, Cisco:PEAP, and Cisco:EAP-FAST) are not listed.
Is there any way to import or patch the Windows server to select these options when we create the profile?
I attach the screenshot with the comparison between the manual configuration on the laptop and the Wireless Network Policy configuration on the Windows server.
11-27-2015 03:46 PM
Why not just set up an NPS server and use that for the policies? There are many docs out there explaining NPS setup with a WLC. Here is one.
http://jackstromberg.com/2013/05/tutorial-802-1x-authentication-via-wifi-active-directory-network-policy-server-cisco-wlan-group-policy/
-Scott
11-27-2015 03:38 PM
I have not seen that option in a long time. This was when the laptop/device was using another supplicant that supported Cisco: PEAP. These days, Microsoft PEAP is what you want to use, especially if you plan on pushing out a profile to all the domain machines.
-Scott
12-01-2015 07:52 AM
Hi Scott,
We installed the NPS role on the server as explained in the link and it works OK.
Thank you very much for your time and help!!!
12-01-2015 08:06 AM
Much easier, right? :) Glad to help!
-Scott