cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2923
Views
0
Helpful
8
Replies

Access point and Switch configuration for EAP

zafar_118
Level 1
Level 1

Hello,

What will be difference when 802.1x is configured or not configured on switch i.e.

A wireless access point is configured with eap authentication. The AP connects to a switch whose port is configured with 802.1x. Wireless clients connect to the AP and get authenticated with Radius Server (Authentication Server)

                                                                             Vs

A wirless access point is configured with eap authentication but no 802.1x configured on switch port connecting to AP. Wireless Clients connect to AP and get authentication with Raidus Server (authentication server)

Thanks

Best Regards,

1 Accepted Solution

Accepted Solutions

stefan.angerer
Level 1
Level 1

In that case it's not necessary and even not possible to use dot1x on the switchport.
just enable it on your SSID(s).

Regards
Stefan

Sent from Cisco Technical Support iPhone App

View solution in original post

8 Replies 8

Scott Fella
Hall of Fame
Hall of Fame

Well you don't ever want to configure an access point port for 802.1x.... will not work since the AP can't authenticate itself to the switch using 802.1x. You need to not configure 802.1x on the switch and just use 802.1x on the access point.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Hi Scott,

Thanks for your quick reply but if you see the below link for cisco documentation i.e.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_13_ea1/configuration/guide/Sw8021x.html

In middle of page (Figure 9.3), the switch port connected to AP is configured for 802.1x.

Should that topology/configuration be used or only configured on AP?

thanks

Hi Scott,

Any suggestions on my last post?

Thanks

Hi,

just follow the link from my previous post, it will lead to another thread on this forum where a similar question has been answered.

regards

Stefan

Hi Stefan

Thanks for your quick response. I read the forum and i think i am missing something.

The goal is  to authenticate the wireless clients and not the APs. There is no WLC installed.All the users are Active directory users.

Now for this scanerio, i know that we will configure the AP with EAP authentication but do i need to configure the switchport connecting to AP for 802.1x or no?

Your response will be highly appreciated.

Thanks

stefan.angerer
Level 1
Level 1

Hi,

if you are using a wlan controller, and you have a radius server that allows to use EAP-FAST (like ACS or ISE), then authenticating APs on the switchport is an option.

Please see this thread for more details:

https://supportforums.cisco.com/message/3661749#3661749

regards

Stefan

stefan.angerer
Level 1
Level 1

In that case it's not necessary and even not possible to use dot1x on the switchport.
just enable it on your SSID(s).

Regards
Stefan

Sent from Cisco Technical Support iPhone App

thanks

Review Cisco Networking for a $25 gift card