https://community.cisco.com/t5/network-access-control/ms-nap-with-cisco-switch-3750/m-p/1622535#M249260 <P></P><P>Hi,</P><P></P><P>I am trying to implement 802.1X authentication on MS NAP (Windows 2008 r2) with access switch WS-C3750-48TS-E (C3750 Software (C3750-IPSERVICES-M), Version 12.2(50)SE3).</P><P>I am using dynamic VLAN assignments, like guest VLAN, restricted(critical) VLAN, unauthorized VLAN for wired clients.This works flawlessly.</P><P>I want to use only one SSID for wireless clients and the same dynamic VLAN assignments. Is it possible to use "authentication host-mode multi-auth" mode for configuring switch port with connected Cisco AP 1242G on it ?</P><P></P><P>Example configuration:</P><P></P><P>description Cisco 1242G AP</P><P> switchport access vlan 2223</P><P> switchport mode access</P><P> switchport voice vlan 998</P><P> authentication event fail retry 1 action authorize vlan 2226</P><P> authentication event server dead action authorize vlan 2227</P><P> authentication event no-response action authorize vlan 2224</P><P> authentication event server alive action reinitialize</P><P> authentication host-mode multi-auth</P><P> authentication port-control auto</P><P> authentication periodic</P><P> authentication timer reauthenticate 300</P><P> authentication violation protect</P><P> mab</P><P> dot1x pae authenticator</P><P> dot1x timeout quiet-period 10</P><P> dot1x timeout tx-period 1</P><P> dot1x max-reauth-req 1</P><P> spanning-tree portfast</P><P> spanning-tree bpduguard enable</P><P></P><P></P><P>Do I have to enable 802.1X auth on the AP or it has to be pass-through for wireless clients ? Is this port configuration consistent ?</P><P>As far I managed to authenticate the AP via MAB as a RADIUS client, but no wireless clients has been authenticated.</P><P>Any help would be appreciated.</P><P></P><P>Thank you in advance !</P><P></P> Mon, 11 Mar 2019 00:55:16 GMT Ivaylo Terziyski 2019-03-11T00:55:16Z https://community.cisco.com/t5/network-access-control/ms-nap-with-cisco-switch-3750/m-p/1622535#M249260 <P></P><P>Hi,</P><P></P><P>I am trying to implement 802.1X authentication on MS NAP (Windows 2008 r2) with access switch WS-C3750-48TS-E (C3750 Software (C3750-IPSERVICES-M), Version 12.2(50)SE3).</P><P>I am using dynamic VLAN assignments, like guest VLAN, restricted(critical) VLAN, unauthorized VLAN for wired clients.This works flawlessly.</P><P>I want to use only one SSID for wireless clients and the same dynamic VLAN assignments. Is it possible to use "authentication host-mode multi-auth" mode for configuring switch port with connected Cisco AP 1242G on it ?</P><P></P><P>Example configuration:</P><P></P><P>description Cisco 1242G AP</P><P> switchport access vlan 2223</P><P> switchport mode access</P><P> switchport voice vlan 998</P><P> authentication event fail retry 1 action authorize vlan 2226</P><P> authentication event server dead action authorize vlan 2227</P><P> authentication event no-response action authorize vlan 2224</P><P> authentication event server alive action reinitialize</P><P> authentication host-mode multi-auth</P><P> authentication port-control auto</P><P> authentication periodic</P><P> authentication timer reauthenticate 300</P><P> authentication violation protect</P><P> mab</P><P> dot1x pae authenticator</P><P> dot1x timeout quiet-period 10</P><P> dot1x timeout tx-period 1</P><P> dot1x max-reauth-req 1</P><P> spanning-tree portfast</P><P> spanning-tree bpduguard enable</P><P></P><P></P><P>Do I have to enable 802.1X auth on the AP or it has to be pass-through for wireless clients ? Is this port configuration consistent ?</P><P>As far I managed to authenticate the AP via MAB as a RADIUS client, but no wireless clients has been authenticated.</P><P>Any help would be appreciated.</P><P></P><P>Thank you in advance !</P><P></P> Mon, 11 Mar 2019 00:55:16 GMT https://community.cisco.com/t5/network-access-control/ms-nap-with-cisco-switch-3750/m-p/1622535#M249260 Ivaylo Terziyski 2019-03-11T00:55:16Z https://community.cisco.com/t5/network-access-control/ms-nap-with-cisco-switch-3750/m-p/1622536#M249264 <HTML><HEAD></HEAD><BODY><P></P><DIV><P>Hi,</P><P></P><P>hope I find you well. Can we proceed with the issue I had described ?</P><P>Regards.</P></DIV><P></P></BODY></HTML> Wed, 06 Apr 2011 21:13:18 GMT https://community.cisco.com/t5/network-access-control/ms-nap-with-cisco-switch-3750/m-p/1622536#M249264 Ivaylo Terziyski 2011-04-06T21:13:18Z https://community.cisco.com/t5/network-access-control/ms-nap-with-cisco-switch-3750/m-p/1622537#M249271 <HTML><HEAD></HEAD><BODY><P><SPAN></SPAN></P><P>At least could anybody answer if the configuration on Cisco switch port is correct for connectiong Cisco AP 1242G to it.</P><P>Should the port be configured as access port or it should be trunk port ?</P><P></P><P></P></BODY></HTML> Thu, 05 May 2011 10:05:33 GMT https://community.cisco.com/t5/network-access-control/ms-nap-with-cisco-switch-3750/m-p/1622537#M249271 Ivaylo Terziyski 2011-05-05T10:05:33Z