asked on
WLC and radius
Experts,
I know of a company that has Cisco LWAPP access points, Cisco Wireless LAN controllers and Radius server that talks to Active Directory.
The clients are doing peap-eap authentication.
My question is, is the radius server authenticating the users or is it authenticating the access point or both?
I know of a company that has Cisco LWAPP access points, Cisco Wireless LAN controllers and Radius server that talks to Active Directory.
The clients are doing peap-eap authentication.
My question is, is the radius server authenticating the users or is it authenticating the access point or both?
Cisco* WLCWireless Networking
Last Comment
trojan81
ASKER
Why would a radius server be needed and not have a user directly authenticate to AD?
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
thank you
It depends on how the APs and authentication are configured, but in a standard Cisco WLC setup it will be the RADIUS server that does the user authentication (via AD) and nothing more.
For info...
There's lots of scenarios, but as well as user authentication, APs can be authenticated too. Where used, AP authentication (as in letting APs connect to the WLC) is usually done using a MAC list at the WLC. If the network supports 802.1x on the switches you can use 802.1x to authenticate the AP at the wired network level and MAC-based auth at the WLC to allow APs to actually connect to the WLC.