Solved: Thank you very much for your

NicoMaas1987 · ‎03-30-2015

Good evening,

I am working at an local University which supports wired eduroam. Wired Eduroam uses 802.1X with EAP-PEAP and MSCHAPv2 as Second Phase.

I wanted to ask wheter it is possible / and how to configure an ASA5505 as wired 802.1X Client on the Outside Interface.

I only found Static IP, DHCP and PAP, but I would need to use EAP-PEAP with MSCHAPv2 as described above.

Thank you very much,

Nico

Marvin Rhoads · ‎03-30-2015

In addition to what Karsten said - you would have to setup the ASA as a MAC Authentication Bypass (MAB) device (as opposed to a supplicant) for the ASA itself.

Clients directly connected to the ASA as a switch cannot use it as the Network Access Device (NAD) in the context of an 802.1x setup.

View solution in original post

Karsten Iwen · ‎04-01-2015

The build-in switch of the ASA 5505 is quite limited. It's not possible on the 5505 to configure a switch-port as .1x-supplicant.

View solution in original post

Marvin Rhoads · ‎03-30-2015

In addition to what Karsten said - you would have to setup the ASA as a MAC Authentication Bypass (MAB) device (as opposed to a supplicant) for the ASA itself.

Clients directly connected to the ASA as a switch cannot use it as the Network Access Device (NAD) in the context of an 802.1x setup.

NicoMaas1987 · ‎04-01-2015

Thank you very much for your helpful answers :). I solved the problem by using an additional Linux Device for the 802.1x access.

Karsten Iwen · ‎04-01-2015

The build-in switch of the ASA 5505 is quite limited. It's not possible on the 5505 to configure a switch-port as .1x-supplicant.

Configure ASA5505 as 802.1X Client / Wired Eduroam