Share via

help configuring 802.1x on test network

acenyc 81 Reputation points
2021-02-08T19:56:25.163+00:00

I have a test network that I am using for testing. I have a domain controller and a Cisco 5508 wireless controller with a Cisco 1262n access point. The 1262n access point is in autonomous mode. I am trying to configure 802.1x on my network so that only one user group will be able to access a wlan/ssid using wi-fi from a laptop. I am using this webpage as a source for this configuration.

https://secopsmonkey.com/radius-for-asa-on-windows-server-2012r2.html

I have the network access policy server configured on my domain controller. I also have the certificate authority role installed on the domain controller.
I have not been able to get the configuration to work. After I complete the configuration from the webpage, and I try to connect to the wlan/ssid, the system never asks me for an active directory user name and password. The system only asks me for a network key which it does not accept.

I have three questions:
I used the Cisco 1162n access point as the radius client. Should I use the IP address of the Cisco 5508 controller as the RADIUS client?
After I configure the IP address of the Cisco 5508 controller as the RADIUS client, Do I need to make a configuration in the security/RADIUS section of the Cisco 5508 controller? Do I also have to configure the accounting on the Cisco 5508 controller?
Do I have to configure the wireless network adapter on the laptop I am using to login to wlan/ssid for 802.1x ? I have noticed that I have to be connected to a wireless network before I can get access to the wireless properties of the network adapter to configure the 802.1x properties.

Any assistance or guidance would be appreciated.
Thank you.

Windows for business Windows Server User experience Other
0 comments
Accepted answer
  1. Anonymous
    2021-02-09T07:47:16.05+00:00

    Hi ,

    Please understand, since Cisco is a third-party product which we are not familiar with , for cisco related part, you may contact Cisco support for further help.

    See if the following link can help with you:

    Cisco 9800 802.1X/EAP User Authentication with Windows RADIUS (NPS)

    Tutorial: 802.1X Authentication via WiFi – Active Directory Network Policy Server Cisco WLAN Group Policy

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Best Regards,

    Candy

    --------------------------------------------------------------

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. acenyc 81 Reputation points
    2021-02-09T12:51:52.247+00:00

    Thank you very much. This information may help me make this configuration. I will try it later.

  2. acenyc 81 Reputation points
    2021-02-11T17:24:10.453+00:00

    Sorry for the delay. Okay, I made the configuration following the instructions you gave me. Unfortunately, it's not working. I have 5 laptops that the finance group uses. I wanted to configure the 802.1x so that only users and computers of the finance group would be able to connect to the finance wlan/ssid. On two of the laptops, the finance ssid can be seen, but it's allowing any user on the domain to connect to it. And, it's does not ask for a username and password. It's only asks for a network key. On two other laptops, the computer can not see the finance ssid at all, even when I add the finance profile manually. On the last laptop, the system can see the finance ssid, but there is an x in the icon, it says "secured", but it only asks for a network key, and it does not allow any user to connect to it. There is definitely something wrong with the configuration. I'm going to move on to something else. Is there anything that I check to see what might be causing the problem?
    Thank you very much for trying to assist me. I will get it working at some point in the future.

    0 comments
  3. Anonymous
    2021-02-12T03:13:11.847+00:00

    Hi ,

    Which authentication method did you use ? PEAP-MSCHAP-v2 or EAP-TLS? PEAP-MS-CHAP v2 is easier to deploy than EAP-TLS because user authentication is performed by using password-based credentials (user name and password), instead of certificates or smart cards.

    Make sure you create security groups for Wireless Users, you can see the steps below:

    Create a Wireless Users Security Group

    Add Users to the Wireless Users Security Group

    Please refer to the following Microsoft official article to deploy wireless access:

    Wireless Access Deployment

    Hope this can help you.

    Best Regards,

    Candy

    --------------------------------------------------------------

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.