Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1927
Views
0
Helpful
6
Replies

Wireless AP with 802.1x

humphrey.j
Level 1
Level 1

‎12-07-2010 01:50 PM - edited ‎03-03-2019 06:09 AM

Does anyone have experience, and is willing to share, on setting up access points where the connected users are authenticated through 802.1x?

Here is my setup. Cisco 1240AG and 1131AG connected to an 802.1x enabled switch. The switch gets puts users on different VLANS depending on access (wired authentication already works). MS Server 2008 acting as RADIUS.

My goal is to have one SSID.  When guests connects, they do not authenticate and are put on a guest VLAN. Authenticated users are put on a different VLAN.

Thank you in advance for any help on this subject.

Labels:
0 Helpful
6 Replies 6

Sebastian Helmer
Level 5
Level 5

‎12-09-2010 10:49 AM

HI Joshua,

I prefer one SSID for corporate user and one for guest. If you want I can share a example config. If you want to use just one SSID I need to cehck if I could help you. let me know I think I will have a moment today to share some things with you.

- Sebastian

0 Helpful

humphrey.j
Level 1
Level 1
In response to Sebastian Helmer

‎12-09-2010 11:40 AM

Sebastian,

I can get by with 1 ssid for corporate and 1 for guests. The biggest thing is just having one route for guests and one route for authenticated users.

Any example files you have would be great.

0 Helpful

Sebastian Helmer
Level 5
Level 5
In response to humphrey.j

‎12-14-2010 11:21 AM

sorry but I was ill, tomorrow I will give you

some information if they are still necessary.

0 Helpful

humphrey.j
Level 1
Level 1
In response to Sebastian Helmer

‎12-14-2010 11:24 AM

That would be great. Thank you.

0 Helpful

Sebastian Helmer
Level 5
Level 5
In response to humphrey.j

‎12-15-2010 12:27 AM

Hey Joshua,

attached you find an example config, wiht not our real vlans.

vlan 3 is management vlan for the ap and this ip is configured as rad client in the nps.

we use @corporate wpa2 enterprise with ms-chap v2 authentication.

hope tha helps.

Sebastian

77047-example_conf.txt.zip
0 Helpful

Ivaylo Terziyski
Level 1
Level 1

‎03-14-2011 03:12 PM

Hi,

I am trying to implement 802.1X authentication in enterprise environment with access switch WS-C3750-48TS-E (C3750 Software (C3750-IPSERVICES-M), Version 12.2(50)SE3).

I am using dynamic VLAN assignments, like guest VLAN, restricted(critical) VLAN, unauthorized VLAN for wired clients.Everything if fine for them.

I want to use only one SSID for wireless clients. Is it possible to use "authentication host-mode multi-auth" command for configuring switch port with connected Cisco AP 1242G to it ?

Example configuration:

description Cisco 1242G AP

switchport access vlan 2223

switchport mode access

switchport voice vlan 998

authentication event fail retry 1 action authorize vlan 2226

authentication event server dead action authorize vlan 2227

authentication event no-response action authorize vlan 2224

authentication event server alive action reinitialize

authentication host-mode multi-auth

authentication port-control auto

authentication periodic

authentication timer reauthenticate 300

authentication violation protect

mab

dot1x pae authenticator

dot1x timeout quiet-period 10

dot1x timeout tx-period 1

dot1x max-reauth-req 1

spanning-tree portfast

spanning-tree bpduguard enable

Do I have to enable 802.1X auth on the AP or it has to be pass-through for wireless clients and be the client of the switch itself (with its MAC address) ?

Thank you in advance !

0 Helpful
Customers Also Viewed These Support Documents