pamuditha_abeysekara's profile

76 Messages • 1.1K Points

Mon, Sep 25, 2017 5:40 PM

Active Directory Authentication for WiFi Client

Hi All, 

I have a controller-managed AP zone where I need an SSID for Active Directory-based authentication. Active Directory is located at the branch site and the controller is at HQ.

I am planning to follow the steps below, based on my current understanding. I need your help to verify my steps.
1.) Create an AAA profile with Active Directory mode, port 369 and the customer AD IP.
2.) Create an SSID with the Web Authentication option.
3.) AD will be locally reachable to the AP, with no routes through the controller.

Will these steps suffice?
Additionally, I have the queries below.
A.) Can anyone share a guide for how to set up Windows Server for the above requirement?
B.) Can I customize this web auth portal, and will that be hosted in the AP itself?
C.) Any additional advice would be appreciated as well.

Thanks
GPMPA

90 Messages • 1.8K Points

4 y ago

Hi,

I have not tried AAA auth with a web portal, only 802.1x + WPA2.
On all the sites where we've done that, the AAA server is only reachable via a route in the controller; the APs do not ask directly, but I think that is possible.

In all our setups, we don't use AD directly, but the RADIUS server in AD. It seems much more reliable, and you don't need to authenticate an AD admin on the box, just have a shared secret set up.

There is a guide/article here on the forum somewhere; try searching for it.

76 Messages • 1.1K Points

4 y ago

Thanks for the insights Jacob.
Here the customer requires the on-site AD to be used with a web portal.

Thanks

222 Messages • 3.6K Points

4 y ago

Pretty sure the ZD only works in RADIUS-Proxy mode, where the controller proxies all AAA messaging. I'll try and find the statement.

76 Messages • 1.1K Points

4 y ago

Hi Robert,
This is a vSZ-H deployment. Usually this supports both proxy and non-proxy modes for AAA, but I'm not sure about AD, and I don't know how to configure AD in this scenario.

Thanks
Pamuditha

222 Messages • 3.6K Points

4 y ago

Sorry, my bad. Anyway, here's an extract from the vSZ-H Admin Guide:

76 Messages • 1.1K Points

4 y ago

Hi Robert,

Thanks. Will update here with the results of testing.

Thanks again.

1 Message • 14 Points

Hello Pamuditha,

Did you succeed with this activity?

Regards,
Josemanuel
