Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
466
Views
0
Helpful
0
Replies

How to configure Wireless LAN Controller (WLC) authentication for AD users by SSID verification

ahmed-ejaz
Level 1
Level 1

‎04-06-2018 11:08 AM - edited ‎02-21-2020 10:53 AM

Hi,

 

I have a customer using Cisco WLC5508 and Cisco ACS 5.4. They have a corporate SSID configured on the WLC which authenticates through the ACS Server using Certificate Based Authentication with AD.

 

They now have a requirement to have an additional SSID created for users to connect their mobile phones (IOS/Android) and users should be prompted for a username and password, once they enter their domain user credentials they should be allowed access to the internet. For this SSID, a separate Layer 2 VLAN has been created which is allowed internet access only.

 

I am trying to follow a past post but it is kind of old and does not use AD authentication:

 

https://supportforums.cisco.com/t5/wireless-mobility-documents/how-to-configure-wireless-lan-controller-wlc-authentication-for/ta-p/3120657

 

I tried to create an additional Selection Profile on the ACS but it was causing the Corporate SSID to stop working (certificate based authentication)

 

I will need some help as how to match the following:

 

1. Radius attribute to match the new SSID

2. Authenticate the users through Active Dirctory

3. Once authenticated, the user should be placed in the new Layer 2 VLAN

 

Any support or reference will be highly appreciated as I will be visiting the customer again on Monday.

 

Thank you,

 

Kind regards.

 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents