create local users on cisco wifi controller 2500 - guest network not prompting

Posted on 2014-10-13
Last Modified: 2014-10-15
Hi Struggling here - ive created the new ssid - I can connect using wpa - put in password and ok.

What I want is for each device connecting to have a user name and password "ON" the controller:

eg Joe Smith - has account joes on the controller with his own password.

Ive been told LEAP - which i have some concern around all devices working on - thats another question ;)
Ive done the following:  local EAP authentication ticked - and Ive created a profile called LEAP. and I have created a user (all this on the controller) however - when I connect - it does not prompt for a username   - if i turn on wpa2 it prompts for pre shares key but thats not what I want. I want local username to prompt? - where am I going wrong?   thanks

I'm not wanting AD or radius - i need local usernames on the controller. Cisco WIFI controller 2500
Question by:philb19
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 40379308
Follow the walkthrough available @

Feel free to ask if any additional questions

Author Comment

ID: 40379338
Thanks  I did glance at that article. Not fully though :) - this is EAP-FAST is that the way to go?. Do I have to use certificates ? I would really like NOT to use certs AT ALL. though we do have in internal Cert authority. Will avoid at any cost
LVL 46

Expert Comment

by:Craig Beck
ID: 40380210
You can do it with PEAP instead of EAP-FAST using local users.

Go to the Security tab on the WLC, then choose Local EAP from the left-hand menu.
Create a new EAP profile and select the PEAP check-box.
Click on the name of your new profile to view the properties, then check "Local Certificate Required" and click Apply.

On the WLAN you want to enable PEAP on, go to its Security tab and click on AAA Servers, then tick the "Local EAP Authentication Enabled" box.

Create a local user and test, but make sure you uncheck the 'Validate Server Certificate' option in the client's WLAN profile.
Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.


Author Comment

ID: 40381325
thanks does not appear to be working - though no prompt. What do i set the Layer 2 security to none or wpa2 - or pass through eap -?
LVL 46

Accepted Solution

Craig Beck earned 500 total points
ID: 40381492
Any WPA mixture will do as long as you tick the 802.1x box.

Author Closing Comment

ID: 40381494
Thanks - followed your instruction and all good - now I need to figure out how to get the users I create on the controller picked up - by clouded scansafe proxy tower (external)
LVL 46

Expert Comment

by:Craig Beck
ID: 40381733
Good luck with that - you can't do external accounting with local EAP as far as I know.

Author Comment

ID: 40381872
Yeah thanks - reading online it looks like I need ISE to be able to trap and do user (non-Active directory user) reports (from scansafe)  

We use CDA linux VM that gets AD info - for corporate Wifi AD user reporting

its reporting on guest wifi I am after

Featured Post

[Webinar] Learn How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the modern office, employees tend to move around the workplace a lot more freely. Conferences, collaborative groups, flexible seating and working from home require a new level of mobility. Technology has not only changed the behavior and the expe…
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor ( Top Charts is a view in which you can set seve…
Suggested Courses
Course of the Month8 days, 1 hour left to enroll

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question