Configure NAP RADIUS to serve Cisco WLAN Controllers

Posted on Posted in Cisco, Infrastructure
  1. Add the Wireless LAN Controller as an authentication, authorization, and accounting (AAA) client on the NPS.
  2. Expand RADIUS Clients and Servers. Right-click RADIUS Clients, and choose New RADIUS Client.

    115988-nps-wlc-config-092.png

  3. Enter a Friendly name (WLC in this example), the management IP address of the WLC (192.168.162.248 in this example) and a shared secret. The same shared secret is used to configure the WLC.

    115988-nps-wlc-config-093.png

  4. Click OK to return to the previous screen.

    115988-nps-wlc-config-094.png

  5. Create a new Network Policy for wireless users. Expand Policies, right-click Network Policies, and choose New.

    115988-nps-wlc-config-095.png

  6. Enter a policy name for this rule (Wireless PEAP in this example), and click Next.

    115988-nps-wlc-config-096.png

  7. To have this policy allow only wireless domain users, add these three conditions, and click Next:
    • Windows Groups – Domain Users
    • NAS Port Type – Wireless – IEEE 802.11
    • Authentication Type – EAP

      115988-nps-wlc-config-097.png

  8. Click Access granted to grant connection attempts that match this policy, and click Next.

    115988-nps-wlc-config-098.png

  9. Disable all the authentication methods under Less secure authentication methods.

    115988-nps-wlc-config-099.png

  10. Click Add, select PEAP, and click OK to enable PEAP.

    115988-nps-wlc-config-100.png

  11. Select Microsoft: Protected EAP (PEAP), and click Edit. Ensure the previously created domain controller certificate is selected in the Certificate issued drop-down list, and click Ok.

    115988-nps-wlc-config-101.png

  12. Click Next.

    115988-nps-wlc-config-102.png

  13. Click Next.

    115988-nps-wlc-config-103.png

  14. Click Next.

    115988-nps-wlc-config-104.png

  15. Click Finish.

    115988-nps-wlc-config-105.png

Leave a Reply

Your email address will not be published. Required fields are marked *