
WLC-LDAP: Windows Server 2008 doesn't show the Cisco:PEAP authentication method when deploying a Wireless Network Policy

FABIAN JIMENEZ
Level 1

I'm deploying a new Cisco wireless infrastructure using a WLC 2504 and 3702I Access Points. The corporate users might connect to the Wi-Fi network using their Windows domain credentials. Because of this, we configured an LDAP profile on the WLC to authenticate directly against the domain server.

We configured the LDAP and EAP profiles on the WLC, and manually added a profile on a corporate laptop to connect to the Wi-Fi using 'WPA2-Enterprise' and 'Cisco:PEAP' as the authentication method. The connection works OK, and the client can connect to the wireless network and has access to the internet and local resources. At this point everything works fine.


On the other hand, we should create a Wireless Policy on the domain controller to extend the working configuration en masse to the other laptops in the domain. We tried to create the Wireless Network Policy on the Windows server, but in the SSID's "New Profile properties", when you select 'WPA2-Enterprise', only 2 profiles are listed under the option 'select a network authentication method': 1) 'Microsoft: Smart Card or other certificate' and 2) 'Microsoft: Protected EAP (PEAP)'. The Cisco methods (Cisco:LEAP, Cisco:PEAP, and Cisco:EAP-FAST) are not listed.

Is there any way to import these options, or patch the Windows server, so that we can select them when we create the profile?

I attach the screenshot with the comparison between the manual configuration on the laptop and the Wireless Network Policy configuration on the Windows server.

Accepted Solutions

Scott Fella
Hall of Fame

Why not just set up an NPS server and use that for the policies? There are many docs out there explaining NPS setup with a WLC. Here is one.

http://jackstromberg.com/2013/05/tutorial-802-1x-authentication-via-wifi-active-directory-network-policy-server-cisco-wlan-group-policy/

-Scott


4 Replies

Scott Fella
Hall of Fame

I have not seen that option in a long time. This was when the laptop/device was using another supplicant that supported Cisco: PEAP. These days, Microsoft PEAP is what you want to use, especially if you plan on pushing out a profile to all the domain machines.

-Scott



FABIAN JIMENEZ
Level 1

Hi Scott,

We installed the NPS role on the server as explained in the link and it works OK.

Thank you very much for your time and help!!!

Much easier, right? :) Glad to help!

-Scott
