Jan 13, 2015

Wireless LAN feature -- 3 LEAP WLAN

Hello everyone.

Today we will look at the "LEAP WLAN". Before that, let me introduce the wireless authentication system. In a Cisco wireless network, there are two kinds of infrastructure.


1. With RADIUS server

Client   )) ((    AP ----- Switch ---- Radius server
                                     |
                                   WLC


In this approach, we use a RADIUS server as the authentication server; it provides the authentication service.


2. Without RADIUS server

Client   )) ((    AP ----- Switch ---- WLC (local authentication)

Some people will say that they do not have a RADIUS server. Do not worry, the Cisco WLC can provide a local authentication service.


In this post, we will use local authentication on the WLC to run a "LEAP WLAN" as the example.


// How to //

1.  Create the LEAP profile: go to [Security] > [Local EAP] > [Profiles]


    [CLI]
    config local-auth eap-profile add LEAP


2.  Once you have finished step 1, edit the LEAP profile and check the LEAP method
   

    [CLI]
    config local-auth eap-profile method add leap LEAP


3.  You can set some parameters for this LEAP profile, for example:



  [CLI]
  config local-auth active-timeout 360

(* Here I assume that the local EAP profile has to be used for at least 6 minutes, that is 360 seconds, when an external RADIUS server fails.)

  
4.  Set up the Layer 2 security parameters
LEAP is an 802.1X authentication mechanism (The est key is 104 bits for Windows clients).

 


   [CLI]
   config wlan security wpa disable 3
   config wlan security 802.1x enable 3



5. To allow the authentication to be local, enable local EAP authentication in the AAA Servers tab and choose the LEAP profile.



   [CLI]
   config wlan local-auth enable LEAP 3

(* The local EAP profile will work only if your WLC does not have any external RADIUS server to reach.)


6. Create your local user from [Security] > [AAA] > [Local Net User]


  [CLI]
  config netuser add wlan 3 usertype [description] 
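
Steps 1 to 5 only work together if the profile name and the WLAN ID agree in every command. The following is an added example, not part of the original post or any Cisco tool: a small Python check over a saved command script. The sample script, the function names and the step 5 keyword spelled `local-auth` are assumptions of this example.

```python
import re

# Constructed sample: the commands from steps 1-5 as a saved change script.
SAMPLE = """\
config local-auth eap-profile add LEAP
config local-auth eap-profile method add leap LEAP
config local-auth active-timeout 360
config wlan security wpa disable 3
config wlan security 802.1x enable 3
config wlan local-auth enable LEAP 3
"""

PATTERNS = {
    "profile": r"config local-auth eap-profile add (\S+)",
    "method": r"config local-auth eap-profile method add (\S+) (\S+)",
    "wpa": r"config wlan security wpa (enable|disable) (\d+)",
    "dot1x": r"config wlan security 802\.1x (enable|disable) (\d+)",
    "local": r"config wlan local-auth enable (\S+) (\d+)",
}

# Collect created profiles, (profile, method) pairs, per-WLAN Layer 2
# settings and (profile, wlan) bindings; unrelated lines are ignored.
def parse(text):
    profiles, methods, bindings = set(), set(), []
    state = {"wpa": {}, "dot1x": {}}
    for line in text.splitlines():
        for key, pat in PATTERNS.items():
            m = re.fullmatch(pat, line.strip())
            if m and key == "profile":
                profiles.add(m.group(1))
            elif m and key == "method":
                methods.add((m.group(2), m.group(1)))
            elif m and key == "local":
                bindings.append(m.groups())
            elif m:
                state[key][m.group(2)] = m.group(1)  # last command wins
    return profiles, methods, state, bindings

# Report every mismatch between the profile, its method and the WLAN.
def check(text):
    profiles, methods, state, bindings = parse(text)
    problems = [] if bindings else ["no WLAN enables local EAP authentication"]
    for prof, wlan in bindings:
        if prof not in profiles:
            problems.append(f"WLAN {wlan}: profile {prof} is never created")
        if (prof, "leap") not in methods:
            problems.append(f"WLAN {wlan}: profile {prof} has no leap method")
        for key, want in (("dot1x", "enable"), ("wpa", "disable")):
            if state[key].get(wlan) != want:
                problems.append(f"WLAN {wlan}: {key} is not set to {want}")
    return problems
```

`check(SAMPLE)` returns an empty list; changing the WLAN ID or the profile name in only one command makes it report which step no longer lines up.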


It is a little more complicated than the last post, isn't it? :)




Good luck and see you next time.

