Cisco WLC with 802.1x and LDAP authentication
Posted on 2014-01-31
I was trying to configure a Cisco 2504 WLC with user logins via 802.1x. The authentication is supposed to go through our central LDAP server, allowing us to use the same user/pw for connecting to the WLAN.
After countless hours, I'm wondering if this is even possible, even though the Security->AAA-Servers tab allows one to select up to three LDAP servers. With only LDAP selected, I get this in the debugs when I try to connect to the AP:
Returning AAA Error 'No Server' (-7) for mobile [..]
If I have radius enabled, request packets are correctly generated and sent by the controller.
I tried switching to Web-auth, again using LDAP for authentication, which resulted in a web login being displayed in the browser once the WLAN connection is up. The web auth correctly accepted my user/pw combo from the LDAP servers ... so I assume the LDAP configuration is correct.
What am I missing here? Are there any limitations in the 802.1x authentication I am not aware of? Given the broad use of LDAP-based authentication (e.g. in ADS), it would surprise me that user/pw auth is not available at this point, but rather just Radius ... even in the Cisco docs I was only able to find samples on how to configure 802.1x with Radius ...
Please let me know what additional information is needed for diagnosis ...
P.S. - tried with WLC OS versions 7.4/7.5/7.6; LDAP is a stock LDAP server on a Linux machine