5-38
Cisco Wireless LAN Controller Configuration Guide
OL-17037-01
Chapter 5 Configuring Security Solutions
Configuring Local EAP
User Attribute................................... uid
User Type........................................ Person
Retransmit Timeout............................... 2 seconds
Bind Method ..................................... Authenticated
Bind Username................................. user1
Information similar to the following appears for the show ldap summary command:
Idx  Server Address   Port  Enabled
---  ---------------  ----  -------
1    2.3.1.4          389   No
2    10.10.20.22      389   Yes
Information similar to the following appears for the show ldap statistics command:
Server Index..................................... 1
Server statistics:
Initialized OK................................. 0
Initialization failed.......................... 0
Initialization retries......................... 0
Closed OK...................................... 0
Request statistics:
Received....................................... 0
Sent........................................... 0
OK............................................. 0
Success........................................ 0
Authentication failed.......................... 0
Server not found............................... 0
No received attributes......................... 0
No passed username............................. 0
Not connected to server........................ 0
Internal error................................. 0
Retries........................................ 0
Server Index..................................... 2
...
5. To make sure the controller can reach the LDAP server, enter this command:
ping server_ip_address
6. To save your changes, enter this command:
save config
7. To enable or disable debugging for LDAP, enter this command:
debug aaa ldap {enable | disable}
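As an added example (not from the Cisco guide), the following Python parses text in the show ldap statistics layout shown above and flags LDAP servers that need attention. The sample text, its non-zero counters, the rules in findings() and the 20% failure threshold are assumptions made for illustration.

```python
import re

# Constructed sample in the "show ldap statistics" layout; counter values are invented.
SAMPLE = """\
Server Index..................................... 1
Server statistics:
  Initialized OK................................. 0
  Initialization failed.......................... 3
Request statistics:
  Received....................................... 0
  Not connected to server........................ 0
Server Index..................................... 2
Server statistics:
  Initialized OK................................. 1
Request statistics:
  Received....................................... 40
  Authentication failed.......................... 9
"""

# "<counter name><dot leader> <integer>", with or without leading indentation
FIELD = re.compile(r"^\s*(.+?)\s*\.{2,}\s*(\d+)\s*$")

def parse_ldap_statistics(text):
    """Return {server_index: {section: {counter: int}}}."""
    servers, current, section = {}, None, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(1) == "Server Index":
            current = servers.setdefault(int(m.group(2)), {})
            section = None
        elif line.strip().endswith(":"):
            section = line.strip()[:-1]          # e.g. "Request statistics"
        elif m and current is not None and section:
            current.setdefault(section, {})[m.group(1)] = int(m.group(2))
    return servers

def findings(servers, fail_ratio=0.2):
    """Flag servers per assumed rules; fail_ratio is an illustrative threshold."""
    out = []
    for idx, s in sorted(servers.items()):
        srv, req = s.get("Server statistics", {}), s.get("Request statistics", {})
        if srv.get("Initialization failed", 0) and not srv.get("Initialized OK", 0):
            out.append((idx, "never initialized"))
        if req.get("Not connected to server", 0):
            out.append((idx, "requests dropped: not connected"))
        received = req.get("Received", 0)
        if received and req.get("Authentication failed", 0) / received >= fail_ratio:
            out.append((idx, "high authentication failure ratio"))
    return out
```

Feed it the captured output of show ldap statistics as one string; lines that do not match the counter layout, such as the "..." elision, are ignored.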
Configuring Local EAP
Local EAP is an authentication method that allows users and wireless clients to be authenticated locally.
It is designed for use in remote offices that want to maintain connectivity to wireless clients when the
backend system becomes disrupted or the external authentication server goes down. When you enable
local EAP, the controller serves as the authentication server and the local user database, thereby
removing dependence on an external authentication server. Local EAP retrieves user credentials from
the local user database or the LDAP backend database to authenticate users. Local EAP supports LEAP,
EAP-FAST, EAP-TLS, PEAPv0/MSCHAPv2, and PEAPv1/GTC authentication between the controller
and wireless clients.