cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
470
Views
15
Helpful
10
Replies
Highlighted
Beginner

802.1x authentication

Hi,

 

I need to configure an SSID which will use 802.1x authentication for ipods corporate network.

Is there an option in cisco Wireless environment to use 802.1x authentication without the use of RADIUS servers?

 

Everyone's tags (1)
10 REPLIES 10
Highlighted
VIP Mentor

Re: 802.1x authentication

You can use local EAP on WLC but its not recommanded from my side.

 

https://mrncciew.com/2013/04/21/configuring-local-eap-on-wlc/

 

Best case would be to use cisco ISE integrated with WLC.

 

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/201044-802-1x-authentication-with-PEAP-ISE-2-1.html

 

Regards

Dont forget to rate helpful posts

Highlighted
Beginner

Re: 802.1x authentication

We donot have ISE in our network.

I am looking for the options that I can configure along with 802.1x without RADIUS server.

Highlighted
VIP Mentor

Re: 802.1x authentication

If you dont have RADIUS then there is no other option.

Highlighted
Beginner

Re: 802.1x authentication

 Can  static WEP be combined? Can the MAC filtering be combined here along with 802.1x?

 

I have the APs joining this WLC on flexconnect mode.

Highlighted
VIP Mentor

Re: 802.1x authentication

you can combine: Static-WEP+ 802.1x  

 

more info about layer 2 and layer 3 security comptibility :

 

https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/106082-wlc-compatibility-matrix.html

 

Regards

Dont forget to rate helpful posts

Highlighted
VIP Advocate

Re: 802.1x authentication

Do NOT use WEP!!!
WEP will restrict you to maximum 54 Mbit/s on the AP (no 802.11n and newer features). As WEP is = no encryption use better OPEN without encryption instead of WEP, it provides the same (= none) security.
Highlighted
Beginner

Re: 802.1x authentication

Basically, I am  looking for a solution that would provide 802.1x authentication for non domain clients. So this would involve L2 security as WPA+WPA2 and Authentication key management as 802.1x without a RADIUS server. Is this solution possible?

 

 As  a second option, can I have  WLC based WPA2 Personal (AES) + Client MAC Address Authentication.?

All the APs are on flex connect mode.

Highlighted
VIP Mentor

Re: 802.1x authentication

HI,

 

For 802.1x you need a RADIUS server else it will not work.

 

for your 2nd option(WPA2/AES+MAC filetr): Yes its possible but you need to enter all the MAC address in WLC locally.

 

FYI: The local user database in WLC is limited to a maximum of 2048 entries and is set to a default value of 512 entries. 

 

Regards

Dont forget to rate helpful posts

Highlighted
Beginner

Re: 802.1x authentication

Cool.

 

So, the Layer2 security WPA+WPA2 and authentication key management as 802.1x and mac filtering will work?

The Aps are in flexconnect mode..  Would this combination work?

 

I notice in the WLC footnotes that mac filtering is not supported for flexconnect APs.

Highlighted
VIP Mentor

Re: 802.1x authentication

yes you are right..

 

MAC Filtering is not supported on FlexConnect access points in standalone mode. 

 

 

Regards

Dont forget to rate helpful posts

CreatePlease to create content
Content for Community-Ad

Cisco COVID-19 Survey