https://community.cisco.com/t5/wireless/ap-authenticated-with-radius/m-p/2108861#M15089 <HTML><HEAD></HEAD><BODY><P>Thank you Amjad, I knew that but my question is far beyond. Is it possible to authenticate an OfficeExtend AP remotely with RADIUS?</P><P></P><P>This means, is it WLC capable of authenticate remote APs agains RADIUS or is this feature not under specifications?</P><P></P><P>Regards.</P></BODY></HTML> Tue, 18 Dec 2012 11:35:21 GMT JPavonM 2012-12-18T11:35:21Z https://community.cisco.com/t5/wireless/ap-authenticated-with-radius/m-p/2108858#M15086 <P>Is it possible to authenticate an autonomous AP against ACS so no valid AP can be deployed inside the network infraestructure?</P><P></P><P>I mean, we wnt to configure APs to validate not only wireless clients through RADIUS but itself with it's own hostname. Any idea on how to deploy it?</P><P></P><P>Thank you guys in advanced.</P> Sun, 04 Jul 2021 06:07:39 GMT https://community.cisco.com/t5/wireless/ap-authenticated-with-radius/m-p/2108858#M15086 JPavonM 2021-07-04T06:07:39Z https://community.cisco.com/t5/wireless/ap-authenticated-with-radius/m-p/2108859#M15087 <HTML><HEAD></HEAD><BODY><P>You need to configure the switch for port-based authentication then provide the correct credentials on the AP. When the AP is attached to the switch the AP will authenticate via the radius server (that is configured on the switch). only correctly authenticated APs will be allowed on the network.</P><P></P><P><A class="jive-link-external-small" href="http://tiny.cc/752hpw">http://tiny.cc/752hpw</A></P><P></P><P>HTH</P><P></P><P>Amjad</P><P></P><P><SPAN style="color: blue;">Rating useful replies is more useful than saying <SPAN style="color: green;"> "<SPAN style="text-decoration: underline;">Thank you</SPAN>"</SPAN></SPAN></P></BODY></HTML> Tue, 18 Dec 2012 07:04:12 GMT https://community.cisco.com/t5/wireless/ap-authenticated-with-radius/m-p/2108859#M15087 Amjad Abdullah 2012-12-18T07:04:12Z https://community.cisco.com/t5/wireless/ap-authenticated-with-radius/m-p/2108860#M15088 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>For AP to autheticate wireless users you would be adding the AP's on the ACS as a aaa client. You will have to specify a shared key on ACS and the same key has to be used on AP as well.</P><P></P><P>So by default AP's can autheticate wireless clients only when the both ACS and AP has the same shared key. So why do you need to autheticate the AP again on ACS since the shared key authetication is already happening between AP and ACS.</P><P></P><P>Sorry i didnt get your point here <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P><P></P><P>Regard</P><P></P><P>Najaf</P></BODY></HTML> Tue, 18 Dec 2012 11:35:19 GMT https://community.cisco.com/t5/wireless/ap-authenticated-with-radius/m-p/2108860#M15088 kcnajaf 2012-12-18T11:35:19Z https://community.cisco.com/t5/wireless/ap-authenticated-with-radius/m-p/2108861#M15089 <HTML><HEAD></HEAD><BODY><P>Thank you Amjad, I knew that but my question is far beyond. Is it possible to authenticate an OfficeExtend AP remotely with RADIUS?</P><P></P><P>This means, is it WLC capable of authenticate remote APs agains RADIUS or is this feature not under specifications?</P><P></P><P>Regards.</P></BODY></HTML> Tue, 18 Dec 2012 11:35:21 GMT https://community.cisco.com/t5/wireless/ap-authenticated-with-radius/m-p/2108861#M15089 JPavonM 2012-12-18T11:35:21Z https://community.cisco.com/t5/wireless/ap-authenticated-with-radius/m-p/2108862#M15090 <HTML><HEAD></HEAD><BODY><P>I already have APs authenticated against ACS and the clients are authenticating too, but the customer told me about aditional AP authentication, like AP-switch pair throug dot1x. </P><P></P><P>I know from your response that the only way to authenticate the remote AP in ACS is through shared secret. Now I see this is not possible to add aditional security for this registration.</P><P></P><P>Kind regards again.</P></BODY></HTML> Tue, 18 Dec 2012 12:21:28 GMT https://community.cisco.com/t5/wireless/ap-authenticated-with-radius/m-p/2108862#M15090 JPavonM 2012-12-18T12:21:28Z https://community.cisco.com/t5/wireless/ap-authenticated-with-radius/m-p/2108863#M15091 <HTML><HEAD></HEAD><BODY><P>OfficeExtend!!!! Your better off just using an MAC address filter list then for the AP's to join. So what we do for our engineer lab is add a Mac filter for every AP that is allowed to join a 5508 dedicated for OfficeExtend. This may not work for you, but there is no way you can use ACS to auth the AP if you don't control the switches at the users home.<BR /><BR />Sent from Cisco Technical Support iPhone App</P></BODY></HTML> Tue, 18 Dec 2012 12:56:03 GMT https://community.cisco.com/t5/wireless/ap-authenticated-with-radius/m-p/2108863#M15091 Scott Fella 2012-12-18T12:56:03Z