Hi,

I am trying to implement 802.1X authentication on MS NAP (Windows 2008 r2) with access switch WS-C3750-48TS-E (C3750 Software (C3750-IPSERVICES-M), Version 12.2(50)SE3).

I am using dynamic VLAN assignments, like guest VLAN, restricted(critical) VLAN, unauthorized VLAN for wired clients.This works flawlessly.

I want to use only one SSID for wireless clients and the same dynamic VLAN assignments. Is it possible to use "authentication host-mode multi-auth" mode for configuring switch port with connected Cisco AP 1242G on it ?

Example configuration:

description Cisco 1242G AP

switchport access vlan 2223

switchport mode access

switchport voice vlan 998

authentication event fail retry 1 action authorize vlan 2226

authentication event server dead action authorize vlan 2227

authentication event no-response action authorize vlan 2224

authentication event server alive action reinitialize

authentication host-mode multi-auth

authentication port-control auto

authentication periodic

authentication timer reauthenticate 300

authentication violation protect

mab

dot1x pae authenticator

dot1x timeout quiet-period 10

dot1x timeout tx-period 1

dot1x max-reauth-req 1

spanning-tree portfast

spanning-tree bpduguard enable

Do I have to enable 802.1X auth on the AP or it has to be pass-through for wireless clients ? Is this port configuration consistent ?

As far I managed to authenticate the AP via MAB as a RADIUS client, but no wireless clients has been authenticated.

Any help would be appreciated.

Thank you in advance !