03-30-2015 10:44 AM - edited 02-21-2020 05:26 AM
Good evening,
I am working at an local University which supports wired eduroam. Wired Eduroam uses 802.1X with EAP-PEAP and MSCHAPv2 as Second Phase.
I wanted to ask wheter it is possible / and how to configure an ASA5505 as wired 802.1X Client on the Outside Interface.
I only found Static IP, DHCP and PAP, but I would need to use EAP-PEAP with MSCHAPv2 as described above.
Thank you very much,
Nico
Solved! Go to Solution.
03-30-2015 12:50 PM
In addition to what Karsten said - you would have to setup the ASA as a MAC Authentication Bypass (MAB) device (as opposed to a supplicant) for the ASA itself.
Clients directly connected to the ASA as a switch cannot use it as the Network Access Device (NAD) in the context of an 802.1x setup.
04-01-2015 12:42 AM
The build-in switch of the ASA 5505 is quite limited. It's not possible on the 5505 to configure a switch-port as .1x-supplicant.
03-30-2015 12:50 PM
In addition to what Karsten said - you would have to setup the ASA as a MAC Authentication Bypass (MAB) device (as opposed to a supplicant) for the ASA itself.
Clients directly connected to the ASA as a switch cannot use it as the Network Access Device (NAD) in the context of an 802.1x setup.
04-01-2015 12:32 AM
Thank you very much for your helpful answers :). I solved the problem by using an additional Linux Device for the 802.1x access.
04-01-2015 12:42 AM
The build-in switch of the ASA 5505 is quite limited. It's not possible on the 5505 to configure a switch-port as .1x-supplicant.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide