Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2894
Views
0
Helpful
8
Replies

Access point and Switch configuration for EAP

Go to solution
zafar_118
Level 1
Level 1

‎11-19-2012 10:19 AM - edited ‎07-03-2021 11:04 PM

Hello,

What will be difference when 802.1x is configured or not configured on switch i.e.

A wireless access point is configured with eap authentication. The AP connects to a switch whose port is configured with 802.1x. Wireless clients connect to the AP and get authenticated with Radius Server (Authentication Server)

                                                                             Vs

A wirless access point is configured with eap authentication but no 802.1x configured on switch port connecting to AP. Wireless Clients connect to AP and get authentication with Raidus Server (authentication server)

Thanks

Best Regards,

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
stefan.angerer
Level 1
Level 1

‎11-28-2012 03:05 PM

In that case it's not necessary and even not possible to use dot1x on the switchport.
just enable it on your SSID(s).

Regards
Stefan

Sent from Cisco Technical Support iPhone App

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Scott Fella
Hall of Fame
Hall of Fame

‎11-19-2012 08:03 PM

Well you don't ever want to configure an access point port for 802.1x.... will not work since the AP can't authenticate itself to the switch using 802.1x. You need to not configure 802.1x on the switch and just use 802.1x on the access point.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful

Go to solution
zafar_118
Level 1
Level 1
In response to Scott Fella

‎11-20-2012 08:51 AM

Hi Scott,

Thanks for your quick reply but if you see the below link for cisco documentation i.e.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_13_ea1/configuration/guide/Sw8021x.html

In middle of page (Figure 9.3), the switch port connected to AP is configured for 802.1x.

Should that topology/configuration be used or only configured on AP?

thanks

0 Helpful

Go to solution
zafar_118
Level 1
Level 1
In response to Scott Fella

‎11-28-2012 06:56 AM

Hi Scott,

Any suggestions on my last post?

Thanks

0 Helpful

Go to solution
stefan.angerer
Level 1
Level 1
In response to zafar_118

‎11-28-2012 06:59 AM

Hi,

just follow the link from my previous post, it will lead to another thread on this forum where a similar question has been answered.

regards

Stefan

0 Helpful

Go to solution
zafar_118
Level 1
Level 1
In response to stefan.angerer

‎11-28-2012 02:57 PM

Hi Stefan

Thanks for your quick response. I read the forum and i think i am missing something.

The goal is  to authenticate the wireless clients and not the APs. There is no WLC installed.All the users are Active directory users.

Now for this scanerio, i know that we will configure the AP with EAP authentication but do i need to configure the switchport connecting to AP for 802.1x or no?

Your response will be highly appreciated.

Thanks

0 Helpful

Go to solution
stefan.angerer
Level 1
Level 1

‎11-20-2012 12:00 AM

Hi,

if you are using a wlan controller, and you have a radius server that allows to use EAP-FAST (like ACS or ISE), then authenticating APs on the switchport is an option.

Please see this thread for more details:

https://supportforums.cisco.com/message/3661749#3661749

regards

Stefan

0 Helpful

Go to solution
stefan.angerer
Level 1
Level 1

‎11-28-2012 03:05 PM

In that case it's not necessary and even not possible to use dot1x on the switchport.
just enable it on your SSID(s).

Regards
Stefan

Sent from Cisco Technical Support iPhone App

0 Helpful

Go to solution
zafar_118
Level 1
Level 1
In response to stefan.angerer

‎11-28-2012 03:12 PM

thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card