Configuring Cisco WLC using RADIUS (Microsoft NAP) for management access.
In the following example I’m using Microsoft Windows Server 2008 (the steps are the same for Windows 2012) with a NAP (Network Access Policy) server to authenticate users for management access to the Cisco WLC.
First let’s configure the WLC as RADIUS client:
Open the NAP console
Press the ‘+’ sign next to RADIUS Clients and Servers
Right click on RADIUS Clients and select New
Type in the name of the WLC in Friendly name
Type in the WLC IP address
Select manual shared secret, type in the desired shared secret and confirm it
Click on the Advanced tab and select RADIUS Standard; to finish, click OK
Now let’s configure the Policy:
Open the NAP console
Press the ‘+’ sign next to Policies and select Network Policies
Right click on Network Policies and select New
The New Network Policy wizard will appear; type in the policy name
Click next
Click on Windows Groups and add the required group
Click add and select NAS Identifier and enter the WLC hostname
Click next
Select Access granted and click next
Uncheck all and select only Unencrypted authentication (PAP, SPAP) and click next
Under constraints we can choose idle timeout, day and time restrictions, or we can just click next
Click on Encryption, uncheck all and check only No Encryption
Click next and then Finish
Now let’s configure the WLC:
Click on Security->RADIUS->Authentication and click New
Type in the NAP IP address
Type in the shared secret and confirm it
Make sure the Management checkbox is checked
Select Security->Priority Order->Management User, add RADIUS to Order Used for Authentication and make sure it’s before LOCAL
That’s it. Log out of the WLC and log in again with your domain account.
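The policy above allows only PAP with No Encryption, so on the wire the password is protected solely by RADIUS User-Password hiding keyed on the shared secret (RFC 2865, section 5.2). The following is an added example, not part of the original post: it builds the kind of Access-Request a RADIUS client sends and shows which attributes travel in clear text and how the shared secret recovers the password. The user name, password, secret and NAS-Identifier values are constructed.

```python
import hashlib
import os
import struct

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding (the only protection PAP gets)."""
    size = max(16, (len(password) + 15) // 16 * 16)
    padded = password.ljust(size, b"\x00")            # null-pad to a multiple of 16
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()     # keystream block
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Reverse operation, as done by the RADIUS server that knows the secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def attr(code: int, value: bytes) -> bytes:
    return struct.pack("!BB", code, len(value) + 2) + value

def build_access_request(user, password, nas_id, secret, authenticator=None, ident=1):
    authenticator = authenticator or os.urandom(16)   # Request Authenticator
    attrs = (attr(1, user.encode())                   # User-Name, clear text
             + attr(2, hide_password(password.encode(), secret, authenticator))
             + attr(32, nas_id.encode()))             # NAS-Identifier, clear text
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs))  # 1 = Access-Request
    return header + authenticator + attrs

def parse_attrs(packet: bytes) -> dict:
    attrs, pos = {}, 20                               # attributes follow the header
    while pos < len(packet):
        code, length = packet[pos], packet[pos + 1]
        attrs[code] = packet[pos + 2:pos + length]
        pos += length
    return attrs

if __name__ == "__main__":
    secret = b"constructed-shared-secret"             # constructed sample values
    pkt = build_access_request("admin1", "Passw0rd-constructed", "WLC01", secret)
    seen = parse_attrs(pkt)
    print("clear text:", seen[1], seen[32])
    print("recovered :", unhide_password(seen[2], secret, pkt[4:20]))
```

Because the hiding is just MD5 over the shared secret and the request authenticator, use a long random shared secret and keep the WLC-to-RADIUS traffic on a management network.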