Lab Minutes Forum

Technical Discussion => Wireless => Topic started by: sadiqhuss on July 06, 2018, 12:28:44 AM

Title: Radius/Local EAP Authentication in Single SSID
Post by: sadiqhuss on July 06, 2018, 12:28:44 AM
Dear Colleague

I am trying to setup local EAP authetication and Radius in one SSID.

My setup is as follow i want office staff to authneticate through windows NPS/AD using EAP configuresd on NPS (Radius). Also i want guest user to authenticated through local net user on WLC. I have cisco WLC 5508 running 7.6. I configured local EAP WLC  with PEAP profile.
I also configured SSID with AAA pointing to the NPS server and on Local EAP i choose the EAP profile. The problem is both authentication cannot work together. Only staff can successful authenticate but local net user cannot as it trys to authenticate through radius.

But when i disable radius AAA server it autenticate through local net users.

Please assist .

Thanks

Regards
Sadiq 
Title: Re: Radius/Local EAP Authentication in Single SSID
Post by: MC on July 16, 2018, 08:23:09 PM
That seems to be how it supposes to work. You can't have them work concurrently. See below excerpt from WLC config guide.

"Note: If any RADIUS servers are configured on the controller, the controller tries to authenticate the wireless clients using the RADIUS servers first. Local EAP is attempted only if no RADIUS servers are found, either because the RADIUS servers timed out or no RADIUS servers were configured."
SimplePortal 2.3.7 © 2008-2022, SimplePortal