Configuring a Cisco Wireless LAN Controller (WLC) for WPA-PEAP and IAS

To configure a Cisco WLC for WPA-PEAP and IAS, perform the following steps:

Set up IAS security details:
1. Select Security on the Cisco WLC home page.
2. Select RADIUS Authentication under AAA.
3. Click New for RADIUS Authentication Servers.
4. Enter the IP Address of your IAS server in the Server IP Address field.
5. Select ASCII for Shared Secret Format.
6. Enter your Shared Secret as an ASCII string.
  This shared secret must be the same as the one entered in the IAS RADIUS Clients when setting up Cisco WLC as a RADIUS Client in IAS.
7. Accept the default of 1812 for Port Number.
8. Set Server Status to Enabled.
9. Accept defaults for the remaining settings, and then click Apply.
10. Select RADIUS Authentication under AAA to confirm that the Cisco WLC can reach the IAS server. For the entry of your IAS server, click Ping.
Set up the SSID details:
1. Select WLANS on the Cisco WLC home page.
2. Click New for WLANS.
3. Enter your SSID for WLAN SSID.
4. Accept defaults for the remaining settings, and then click Apply.
5. Click Edit for the SSID you entered.
6. Select 802.11 b/g for Radio Policy.
7. Check Enabled for Admin Status.
8. Set the value to 0 to indicate no session timeout for Session Timeout (Secs). Cisco WLC does not support RADIUS-set session timeouts.
9. Select Platinum (Voice) for Quality Of Service (QoS).
10. Uncheck Enabled for Client Exclusion.
11. Check Override and then enter the IP address of your DHCP server For DHCP Server.
12. Select WPA for Layer 2 Security, .
13. Accept defaults for the remaining settings, and click Apply.
Configure Cisco WLC general settings
1. Ensure the following settings:
  - AP Multicast Mode Support is enabled.
  - Load Balancing is disabled.
  - Band Select is disabled.
  - P2P Blocking Action is disabled.
  - Over The Air Provisioning of AP is disabled.
  - Client Load Balancing is disabled.