Cisco 2000 Series Wireless LAN Controller Technical Manual
Local EAP Authentication on the Wireless LAN Controller with EAP-FAST and LDAP Server Configuration Example
Document ID: 100590
Introduction
This document explains how to configure Extensible Authentication Protocol (EAP) - Flexible Authentication via Secure Tunneling
(FAST) Local EAP authentication on a Wireless LAN Controller (WLC). This document also explains how to configure a Lightweight
Directory Access Protocol (LDAP) server as the backend database from which Local EAP retrieves user credentials to authenticate
the user.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
The information in this document is based on these software and hardware versions:
Cisco 4400 Series WLC that runs firmware 4.2
Cisco Aironet 1232AG Series Lightweight Access Point (LAP)
Microsoft Windows 2003 server configured as a domain controller, LDAP server, and Certificate Authority server
Cisco Aironet 802.11 a/b/g Client Adapter that runs firmware release 4.2
Cisco Aironet Desktop Utility (ADU) that runs firmware version 4.2
The information in this document was created from the devices in a specific lab environment. All of the devices used in this
document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact
of any command.
Conventions
Refer to the Cisco Technical Tips Conventions for more information on document conventions.
Background Information
Local EAP authentication on Wireless LAN Controllers was introduced with Wireless LAN Controller version 4.1.171.0.
Local EAP is an authentication method that allows users and wireless clients to be authenticated locally on the controller. It is
designed for use in remote offices that want to maintain connectivity to wireless clients when the backend system becomes
disrupted or the external authentication server goes down. When you enable local EAP, the controller serves as the
authentication server and the local user database, so it removes dependence on an external authentication server. Local EAP
retrieves user credentials from the local user database or the LDAP backend database to authenticate users. Local EAP supports
LEAP, EAP-FAST, EAP-TLS, PEAPv0/MSCHAPv2, and PEAPv1/GTC authentication between the controller and wireless clients.
Local EAP can use an LDAP server as its backend database to retrieve user credentials.
An LDAP backend database allows the controller to query an LDAP server for the credentials (username and password) of a
particular user. These credentials are then used to authenticate the user.
The LDAP backend database supports these Local EAP methods:
EAP-FAST/GTC
Contents
Introduction
Prerequisites
Requirements
Components Used
Conventions
Background Information
Configure
Network Diagram
Configurations
Configure EAP-FAST as Local EAP Authentication Method on the WLC
Generate a Device Certificate for the WLC
Downloading the Device Certificate onto the WLC
Install the Root Certificate of PKI into the WLC
Generate a Device Certificate for the Client
Generate the Root CA Certificate for the Client
Configure Local EAP on the WLC
Configure LDAP Server
Creating Users on the Domain Controller
Configure the User for LDAP Access
Using LDP to Identify the User Attributes
Configure Wireless Client
Verify
Troubleshoot
Cisco Support Community - Featured Conversations
Related Information