Cisco controller Layer 3 authentication(CWP) with Windows 2008 NPS

If you want use captive web portal authentication for wireless users using Cisco wireless lan controller (WLC) and Windows NPS as the RADIUS server you need to tick few boxes that are not ticked by default. In simple term you need to enable PAP in the NPS network policy.

WLC configuration,

Create a SSID

Select no Layer 2 security 

Select "Web policy" as layer 3 security 

Windows NPS configuration 

Select NPS and click on configure 802.1x

Finally the pkt capture at the RADIUS server looks like this. The service type is "login", instead of "Framed".