Does anyone have experience, and is willing to share, on setting up access points where the connected users are authenticated through 802.1x?
Here is my setup. Cisco 1240AG and 1131AG connected to an 802.1x enabled switch. The switch gets puts users on different VLANS depending on access (wired authentication already works). MS Server 2008 acting as RADIUS.
My goal is to have one SSID. When guests connects, they do not authenticate and are put on a guest VLAN. Authenticated users are put on a different VLAN.
Thank you in advance for any help on this subject.
I prefer one SSID for corporate user and one for guest. If you want I can share a example config. If you want to use just one SSID I need to cehck if I could help you. let me know I think I will have a moment today to share some things with you.
I can get by with 1 ssid for corporate and 1 for guests. The biggest thing is just having one route for guests and one route for authenticated users.
Any example files you have would be great.
I am trying to implement 802.1X authentication in enterprise environment with access switch WS-C3750-48TS-E (C3750 Software (C3750-IPSERVICES-M), Version 12.2(50)SE3).
I am using dynamic VLAN assignments, like guest VLAN, restricted(critical) VLAN, unauthorized VLAN for wired clients.Everything if fine for them.
I want to use only one SSID for wireless clients. Is it possible to use "authentication host-mode multi-auth" command for configuring switch port with connected Cisco AP 1242G to it ?
description Cisco 1242G AP
switchport access vlan 2223
switchport mode access
switchport voice vlan 998
authentication event fail retry 1 action authorize vlan 2226
authentication event server dead action authorize vlan 2227
authentication event no-response action authorize vlan 2224
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication port-control auto
authentication timer reauthenticate 300
authentication violation protect
dot1x pae authenticator
dot1x timeout quiet-period 10
dot1x timeout tx-period 1
dot1x max-reauth-req 1
spanning-tree bpduguard enable
Do I have to enable 802.1X auth on the AP or it has to be pass-through for wireless clients and be the client of the switch itself (with its MAC address) ?
Thank you in advance !