3802I - 3800 DOT1X 802.1x - AP does not leverage credentials

Jacob-Harris · ‎10-27-2016

Community,

We've used 3602's for some time now, and have configured them to leverage a user name and pass to authenticate to the network switches via 802.1x vs force authenticating the network ports for the AP's.

We've recently started to deploy 3802's and are not able to get them to authenticate to the network.

The controller supports this configuration, and we can't find anything that says the 3802 won't support this as a change.

Does anyone have any idea if somethings changed? or something special to get this working again?

Thanks,

jgardner150 · ‎10-27-2016

We just took a look at the 8.2 release notes and it states it is not a supported feature on the 3800 series along with other x800 series.

Features Not Supported on Cisco Aironet 1810 OEAP, 1810W, 1830, 1850, 2800, and 3800 Series APs

Table 12 Features Not Supported on Cisco Aironet 1810 OEAP, 1810W, 1830, 1850, 2800 and 3800 Series APs
Operational Modes	Spectrum Expert Connect Workgroup Bridge (WGB) mode as a part of Cisco Mobility Express Mesh mode Flex plus Mesh 802.1x supplicant for AP authentication on the wired port

http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn82mr1.html

swapsakker · ‎10-31-2016

Seems like it will not be supportet in 8.2 and also not in 8.3.

swapsakker · ‎11-01-2016

Just got the info, that it will be back in a later release in about a mounth.

Guillaume BARBEROT · ‎04-11-2018

hi

we are in 2018, april, and it seems it is not available even in version 8.5 ?

https://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn85mr2.html#not_supported_key_AP_features_85

cannot believe that it's been removed

any idea if this feature will be added ?

swapsakker · ‎04-11-2018

GREAT, if it is finally comming ..

b.vanderkolk · ‎04-11-2018

It seems now supported in WLC 8.6 bus this version doesn’t work on a WLC2504.. arghhh... Cisco.. what the f@#%^k. Anyone tips how to make this work?? (wlc2504+2802i)?

patoberli · ‎04-12-2018

Disable 802.1x on the port where the AP is connected to. There sadly isn't really another way.

b.vanderkolk · ‎04-12-2018

Thanks, i already came to the same conclusion that using MAB or completely disabling dot1x on the port is the only option for now..

patoberli · ‎04-12-2018

What you could do, try to raise a TAC for backporting this feature into the older 8.5 version. I wouldn't have much hope that it will get integrated, but you never know.

b.vanderkolk · ‎04-19-2018

I've created a TAC case and contacted our Cisco sales representative so let's hope for the best. If anyone that whishes to use this feature creates a TAC case we maybe have a chance..

Odd Kare Aunan · ‎11-28-2018

Did you get any response from TAC on this?

Cody Hensc303 · ‎01-03-2019

It appears that they are finally doing something about this in the 8.7 release. And rather than just having username/password you will actually be able to use cert based auth (EAP-TLS / EAP-PEAP). Fingers crossed it actually works there, we're still on an 8.5 release and it doesn't look like there are any stable 8.7 releases at this point.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-7/b_802_1x_eap_supplicant_on_cos_ap.html

b.vanderkolk · ‎01-06-2019

Last comment that i got from Cisco sales is that they suggested that i should buy a new WLC, for example the 3504.

swapsakker · ‎01-07-2019

Great. So don't fix it, just buy new.... Not a great answer !!