Using Local EAP on the WLC

When you authenticate users against a RADIUS server, you can configure the WLC as a Local EAP server to act as a backup. There will be no synchronisation between the RADIUS server and the WLC.

You can also use this configuration if you don't have a RADIUS server in your network.

The Local EAP server will support :

First, let's configure a local netuser:

netuser add leapuser1 cisco wlan 0 userType permanent description LEAP User
netuser wlan-id leapuser1 0

Create a new Local EAP Profile.
local-auth eap-profile add LEAP_EAP-FAST-PEAP
local-auth eap-profile cert-issuer cisco LEAP_EAP-FAST-PEAP
local-auth eap-profile method add leap fast peap LEAP_EAP-FAST-PEAP

Configure a WLAN with the correct AAA Server.
wlan create 1 WPA1_WPA2_EAP wpa1
wlan interface 1 vlan11
wlan local-auth enable LEAP_EAP-FAST-PEAP 1
wlan session-timeout 1 1800
wlan wmm allow 1
wlan security static-wep-key encryption 1 104 1
wlan security wpa wpa1 enable 1
wlan security wpa wpa1 ciphers tkip enable 1
wlan enable 1

To configure the Client, I use ADU :

  • ssid : wpa1
  • Security Options : WPA/WPA2/CCKM with LEAP (But also tested with PEAP etc.)
  • Saved username and password like the netuser configured on the WLC.
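
A quick check over the commands above, added here as an example (it is not from the original post or from Cisco): the Python below flags the settings in this configuration that a hardening review would question. The rule set, the 12-character password threshold and the function name audit are assumptions of this example.

```python
# Added example: flags weak settings in WLC CLI lines such as those in this post.
# The rules and MIN_PASSWORD_LEN are assumptions of this example, not Cisco tooling.

# Constructed sample: commands copied from this post.
SAMPLE_CONFIG = """\
netuser add leapuser1 cisco wlan 0 userType permanent description LEAP User
local-auth eap-profile add LEAP_EAP-FAST-PEAP
local-auth eap-profile method add leap fast peap LEAP_EAP-FAST-PEAP
wlan create 1 WPA1_WPA2_EAP wpa1
wlan local-auth enable LEAP_EAP-FAST-PEAP 1
wlan security wpa wpa1 enable 1
wlan security wpa wpa1 ciphers tkip enable 1
"""

MIN_PASSWORD_LEN = 12  # assumed policy threshold


def audit(config_text):
    """Return a sorted list of (subject, finding) pairs for weak settings."""
    findings = set()
    for line in config_text.splitlines():
        tok = line.split()
        if tok[:1] == ["config"]:  # accept lines with or without the prefix
            tok = tok[1:]
        if tok[:2] == ["netuser", "add"] and len(tok) >= 4:
            if len(tok[3]) < MIN_PASSWORD_LEN:
                findings.add(("netuser " + tok[2], "password shorter than policy minimum"))
        elif tok[:4] == ["local-auth", "eap-profile", "method", "add"] and len(tok) >= 6:
            # Form used in the post: method add <methods...> <profile>
            if "leap" in tok[4:-1]:
                findings.add(("profile " + tok[-1], "LEAP enabled: exposed to offline dictionary attack"))
        elif tok[:3] == ["wlan", "security", "wpa"] and tok[-2:-1] == ["enable"]:
            wlan = "wlan " + tok[-1]
            if tok[3] == "wpa1":
                findings.add((wlan, "WPA1 enabled: prefer WPA2"))
            if tok[4:6] == ["ciphers", "tkip"]:
                findings.add((wlan, "TKIP cipher enabled: prefer AES-CCMP"))
    return sorted(findings)


if __name__ == "__main__":
    for subject, finding in audit(SAMPLE_CONFIG):
        print(f"{subject}: {finding}")
```
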

    About Joost van der Made

