Using Local EAP on the WLC


When you authenticate users against a RADIUS server, you can configure the WLC as a Local EAP server to act as a backup. There is no synchronisation between the RADIUS server and the WLC.

You can also use this configuration if you don't have a RADIUS server in your network.

The Local EAP server supports:
– LEAP
– EAP-FAST
– EAP-TLS
– PEAP MS-CHAPv2

First, let's configure a local netuser:

netuser add leapuser1 cisco wlan 0 userType permanent description LEAP User
netuser wlan-id leapuser1 0

Create a new Local EAP Profile.
local-auth eap-profile add LEAP_EAP-FAST-PEAP
local-auth eap-profile cert-issuer cisco LEAP_EAP-FAST-PEAP
local-auth eap-profile method add leap fast peap LEAP_EAP-FAST-PEAP

Configure a WLAN with the correct AAA Server.
wlan create 1 WPA1_WPA2_EAP wpa1
wlan interface 1 vlan11
wlan local-auth enable LEAP_EAP-FAST-PEAP 1
wlan session-timeout 1 1800
wlan wmm allow 1
wlan security static-wep-key encryption 1 104 1
wlan security wpa wpa1 enable 1
wlan security wpa wpa1 ciphers tkip enable 1
wlan enable 1
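
An added example, not part of the original post: a Python check over configuration lines in the form shown above (no leading "config" keyword) that ties each WLAN to its Local EAP profile and reports where LEAP or TKIP is enabled. The function names parse and audit are assumptions of this example; the sample input is copied from this page's configuration.

```python
from collections import defaultdict

# Constructed input: lines copied from the configuration shown on this page,
# in the same form (no leading "config" keyword).
SAMPLE = """\
local-auth eap-profile add LEAP_EAP-FAST-PEAP
local-auth eap-profile method add leap fast peap LEAP_EAP-FAST-PEAP
wlan create 1 WPA1_WPA2_EAP wpa1
wlan local-auth enable LEAP_EAP-FAST-PEAP 1
wlan security wpa wpa1 enable 1
wlan security wpa wpa1 ciphers tkip enable 1
wlan enable 1
"""

def parse(config):
    """Map each EAP profile to its methods and each WLAN id to its settings."""
    profiles = defaultdict(set)
    wlans = defaultdict(lambda: {"ssid": None, "profile": None, "ciphers": set()})
    for line in config.splitlines():
        tok = line.split()
        if tok[:4] == ["local-auth", "eap-profile", "method", "add"]:
            profiles[tok[-1]].update(tok[4:-1])      # methods precede the profile name
        elif tok[:2] == ["wlan", "create"] and len(tok) >= 5:
            wlans[tok[2]]["ssid"] = tok[4]           # wlan create <id> <profile> <ssid>
        elif tok[:3] == ["wlan", "local-auth", "enable"] and len(tok) == 5:
            wlans[tok[4]]["profile"] = tok[3]
        elif tok[:3] == ["wlan", "security", "wpa"] and tok[4:5] == ["ciphers"] \
                and tok[-2] == "enable":
            wlans[tok[-1]]["ciphers"].add((tok[3], tok[5]))  # (wpa version, cipher)
    return profiles, wlans

def audit(config):
    """Return (wlan_id, ssid, issue) for settings that weaken the WLAN."""
    profiles, wlans = parse(config)
    findings = []
    for wid in sorted(wlans):
        w = wlans[wid]
        # LEAP is MS-CHAP based and exposed to offline dictionary attacks.
        if "leap" in profiles.get(w["profile"], set()):
            findings.append((wid, w["ssid"], "profile %s allows LEAP" % w["profile"]))
        # TKIP is deprecated; AES-CCMP is the replacement.
        for version, cipher in sorted(w["ciphers"]):
            if cipher == "tkip":
                findings.append((wid, w["ssid"], "%s uses TKIP" % version))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```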

To configure the client, I use ADU:

  • ssid : wpa1
  • Security Options : WPA/WPA2/CCKM with LEAP (But also tested with PEAP etc.)
  • Saved username and password like the netuser configured on the WLC.