Using The Gui To Configure Local Eap - Cisco 2100 Series Configuration Manual
Wireless lan controller
Hide thumbs
Also See for 2100 Series:
- Configuration manual (50 pages) ,
- Quick start manual (12 pages) ,
- Configuration manual (40 pages)
Table of Contents
Advertisement
Configuring Local EAP
You can configure local EAP through either the GUI or the CLI.
Using the GUI to Configure Local EAP
Follow these steps to configure local EAP using the controller GUI.
EAP-TLS, PEAPv0/MSCHAPv2, and PEAPv1/GTC use certificates for authentication, and EAP-FAST
Step 1
uses either certificates or PACs. The controller is shipped with Cisco-installed device and Certificate
Authority (CA) certificates. However, if you wish to use your own vendor-specific certificates, they must
be imported on the controller. If you are configuring local EAP to use one of these EAP types, make sure
that the appropriate certificates and PACs (if you will use manual PAC provisioning) have been imported
on the controller. Refer to
If you want the controller to retrieve user credentials from the local user database, make sure that you
Step 2
have properly configured the local network users on the controller. See the
Users" section on page 5-29
If you want the controller to retrieve user credentials from an LDAP backend database, make sure that
Step 3
you have properly configured an LDAP server on the controller. See the
page 5-33
Follow these steps to specify the order in which user credentials are retrieved from the backend database
Step 4
servers:
a.
Figure 5-22
b.
c.
d.
Cisco Wireless LAN Controller Configuration Guide
5-40
Chapter 9
for instructions.
for instructions.
Click Security > Local EAP > Authentication Priority to open the Priority Order > Local-Auth
page (see
Figure
5-22).
Priority Order > Local-Auth Page
Determine the priority order in which user credentials are to be retrieved from the local and/or LDAP
databases. For example, you may want the LDAP database to be given priority over the local user
database, or you may not want the LDAP database to be considered at all.
When you have decided on a priority order, highlight the desired database. Then use the left and
right arrows and the Up and Down buttons to move the desired database to the top of the right User
Credentials box.
If both LDAP and LOCAL appear in the right User Credentials box with LDAP on the top
Note
and LOCAL on the bottom, local EAP attempts to authenticate clients using the LDAP
backend database and fails over to the local user database if the LDAP servers are not
reachable. If the user is not found, the authentication attempt is rejected. If LOCAL is on the
top, local EAP attempts to authenticate using only the local user database. It does not fail
over to the LDAP backend database.
Click Apply to commit your changes.
for instructions on importing certificates and PACs.
Chapter 5
Configuring Security Solutions
"Configuring Local Network
"Configuring LDAP" section on
OL-17037-01
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
