Cyberoam Integration with Cisco WLC

SOURCE: https://kb.cyberoam.com/print.asp?id=3080&Lang=1&SID=

In the above scenario, you can configure Single Sign On (SSO) for wireless users authenticating with a RADIUS Server by:
•  Configuring the RADIUS Server as the RADIUS Authentication Server in the Wireless LAN Controller (WLC)
•  Configuring Cyberoam as the RADIUS Accounting Server in the WLC
•  Configuring the WLC as a RADIUS Client in Cyberoam

This article demonstrates how you can configure Cyberoam for SSO with RADIUS Accounting. In this article, as an example, we have demonstrated configuration of Cisco Wireless LAN Controller with Cyberoam.

Prerequisite

–   The RADIUS Server must be configured and populated with users. Refer to the documentation of the respective vendor for instructions.
–   The WLC (in this case Cisco WLC) must be configured for management of the WLAN(s).

Cisco WLC Configuration

Login to Cisco WLC using Administrator credentials and follow the steps below.

Step 1: Configure RADIUS Authentication Server in WLC

Go to Security > AAA > RADIUS > Authentication and add the RADIUS Server 100.1.1.5 as Authentication Server.

 

Click Apply to save changes.

Step 2: Configure RADIUS Accounting Server in WLC

Switch to Security > AAA > RADIUS > Accounting and add Cyberoam 100.1.1.1 as the Accounting Server.

Step 3: Define AAA Servers

Go to WLANs > WLANs and switch to Security tab. Under Security select AAA Servers. Define Authentication Server as the RADIUS Server and Accounting Server as Cyberoam, as shown below.

Click Apply to save changes.

Cyberoam Configuration

You must be logged on to the Web Admin Console as an administrator with Read-Write permission for relevant feature(s).

Step 1: Configure WLC as RADIUS Client

Go to Identity > Authentication > Firewall and, under SSO using RADIUS Accounting Request, configure the WLC 100.1.1.50 as the RADIUS Client.

Click Apply to save changes.

Step 2: Enable access for RADIUS SSO from LAN and DMZ

Go to System > Administration > Appliance Access and enable LAN and DMZ access of RADIUS SSO.

Click Apply to save changes.

The above configuration allows Cyberoam to receive RADIUS accounting information from the WLC which would enable SSO for users authenticated with the RADIUS Server.

Note:

Alternately, you can configure Cyberoam to receive RADIUS accounting information from the RADIUS Server itself. To achieve this:

•  In the WLC, configure the RADIUS Server 100.1.1.5 both as the Authentication and Accounting Server.
•  In Cyberoam, configure the RADIUS Server 100.1.1.5 as the RADIUS Client.
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s