Showing results for 
Search instead for 
Did you mean: 

WPA2 802.1x with MS RADIUS, LDAP, Clean Access


We are in a multivendor enviornment using NAC and WCS.  We would like to implement WPA2 Enterprise.  We currently authenticate with LDAP to place users in proper roles.

Not 100% sure on this.  As far as I know, it is not possible to implement 802.1x with how could we use LDAP and a Radius server together in order to implement WPA2 Enterprise?  Is this possible?  Any documentation out there that I have yet to find explaining this?

Any help would be appreciated.

Thanks in advance,


1 Reply 1

Nicolas Darchis
Cisco Employee
Cisco Employee


Let's clarify all possibilities and you can chose one from there :-)

1) the Wireless Controller (WLC) can act as radius server. The feature is called "local eap". So the WLC authenticates the client (wpa2 if you like).

The WLC can use an LDAP database as user database. The only restrictions are that you cannot use "mschapv2" methods. So only peap-gtc,eap-fast-gtc and eap-tls. Of those 3, only eap-tls is present on the client default windows supplicant.

2) You can have a complete radius server like Cisco ACS. However the limitation coming with LDAP remains. Unless your database is Active Directory in which case ACS can integrate with it and allow for all eap methods.

3) If you go for WPA enterprise, that means you will authenticate users 2 times. One with dot1x to join the wireless and one with NAC afterwards to get network connectivity. Again if you have active directory, you can go with "single sign on" so that users never have to enter their credentials. Otherwise they will have to enter them twice.

Apart from that fact, NAC pretty much doesn't care if your wireless is open or dot1x-secured, it comes after the dot1x authentication anyway.

I hope this clarifies ?



please rate answers that you find useful

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers