rajgurung, 2022-05-25 08:36 UTC (https://community.spiceworks.com/t/wireless-authentication-using-802-1x/833592/1):

Hi All,

I have a Cisco WLC 9800, Cisco ISE, and an AD server. I want to implement 802.1X authentication (RADIUS) with AD credentials for wireless clients with an SSL cert.

Can someone share a good step-by-step guide to achieve this task?

Also, I have a wildcard PFX SSL cert and I want to enable the SSL cert for wireless authentication. What are the steps, and where do I need to install it (for example AD server, Cisco ISE or WLC)?

Appreciate your help.

matt7863, 2022-05-25 09:52 UTC (https://community.spiceworks.com/t/wireless-authentication-using-802-1x/833592/2):

The SSL cert will go on the WLC - it is the device the clients will communicate with to auth.
Configure an SSID to use WPA Enterprise / 802.1X.
Set ISE as the RADIUS server (configure the WLC as a client in ISE).
In ISE you will need a policy creating to use for requests from this RADIUS client.
Add AD as an LDAP source.
In the policy, then define your criteria, which may just be user auth from the 'users' OU of the LDAP source.
You will need to read the manuals for each product and follow the steps: the WLC docs for setting the SSID auth type and adding ISE as a RADIUS server, and the ISE docs for creating a policy.

rajgurung, 2022-05-25 14:43 UTC (https://community.spiceworks.com/t/wireless-authentication-using-802-1x/833592/3):

Thank you m@ttshaw. While checking the document "Configure EAP-TLS Authentication with ISE - Cisco", it says we need to install the cert on Cisco ISE and not the WLC.

Also, I have a PFX cert and was looking for a way to import it into Cisco ISE for this 802.1X authentication for wireless clients. I don't want to create a CSR from Cisco ISE.

Appreciate your help.

matt7863, 2022-05-27 08:40 UTC (https://community.spiceworks.com/t/wireless-authentication-using-802-1x/833592/4):

You are correct, ISE needs the server identity certificate for EAP-TLS. I found this doc, "Understand and Configure EAP-TLS with a WLC and ISE - Cisco", which has a diagram.

The ISE manual only covers requesting a cert via a CSR. Check out the CLI reference; there may be a way to import an existing one from a PFX (assuming you have the private key).
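
The last reply makes importing the existing PFX conditional on it containing the private key. As an added example (not from the thread or from Cisco documentation), this shell function uses OpenSSL to check that condition and split the bundle into PEM files; the function name, the output file names and the assumption that the import step wants separate certificate and key files are this example's own.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): unpack a PKCS#12 (.pfx) bundle into PEM
# files and confirm it holds a private key that matches the leaf certificate.
# Output file names are this example's choice.

# pfx_split <bundle.pfx> <password> <outdir>
# Writes key.pem, cert.pem (leaf) and chain.pem (CA certs, may be empty).
# Returns 0 only when a private key is present and matches the leaf cert.
pfx_split() {
    local pfx=$1 pass=$2 out=$3 cert_pub key_pub
    mkdir -p "$out" || return 1

    # 1. Private key as unencrypted PEM; umask keeps it owner-readable only.
    #    The password travels in the environment, not on the command line.
    ( umask 077
      PFX_PASS=$pass openssl pkcs12 -in "$pfx" -passin env:PFX_PASS \
          -nocerts -nodes -out "$out/key.pem" 2>/dev/null ) || {
        echo "cannot open bundle: wrong password or not PKCS#12" >&2; return 1; }
    grep -q 'PRIVATE KEY' "$out/key.pem" || {
        echo "bundle has no private key; unusable as a server identity" >&2
        rm -f "$out/key.pem"; return 1; }

    # 2. Leaf certificate and any CA certificates shipped in the bundle.
    PFX_PASS=$pass openssl pkcs12 -in "$pfx" -passin env:PFX_PASS \
        -clcerts -nokeys -out "$out/cert.pem" 2>/dev/null || return 1
    PFX_PASS=$pass openssl pkcs12 -in "$pfx" -passin env:PFX_PASS \
        -cacerts -nokeys -out "$out/chain.pem" 2>/dev/null || return 1

    # 3. The public key derived from key.pem must equal the one in cert.pem.
    cert_pub=$(openssl x509 -in "$out/cert.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$out/key.pem" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || {
        echo "private key does not match the certificate" >&2; return 1; }

    # Print what the certificate asserts so subject and expiry can be reviewed.
    openssl x509 -in "$out/cert.pem" -noout -subject -enddate
}

# Run as a script: ./pfx_split.sh bundle.pfx 'password' outdir
if [ "$#" -eq 3 ]; then pfx_split "$@"; fi
```

key.pem is written unencrypted, so remove it once the import is done. Bundles produced by older tools may need the `-legacy` option on the `pkcs12` commands under OpenSSL 3.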