Hi Scott,

butchoi_seso · ‎01-19-2016

Hi All,

I have 4 units of AIR-CAP2602I-A-K9 cisco aironet. I need to configure this AP to Radius server configurations.

1. All 4 units same SSID.

2. This 4 units of will be deploy to different locations.

3. This 4 units only one vlan

4. Radius server configurations.

What should be the best practice for configurations?

This is standalone AP's. i don't use WLC.

Thanks!

Scott Fella · ‎01-19-2016

It depends on what type of 802.1x you want to use? First off, your radius server will need a certificate and typically having a PKI infrastructure that includes a Certificate Authority server(s) is recommended. EAP-TLS requires a certificate also in the client and is best if you have a PKI infrastructure. PEAP will use AD credentials and Machine Auth will use Domain computer credentials. You can search for the different EAP types mentioned to help you understand the various types and help you decide what works for your environment. PEAP is best if you have a small network and have to allow smartphones and or none Windows devices.

As far as the autonomous configuration goes, the setup is the same for each and the radius server is where you will define the EAP type.

You can just search for Cisco autonomous EAP configuration and you will see a bunch of examples:

http://www.cisco.com/c/en/us/td/docs/wireless/technology/peap/technical/reference/peap4/PEAP_D.html

-Scott

*** Please rate helpful posts ***

-Scott
*** Please rate helpful posts ***

butchoi_seso · ‎01-19-2016

Hi Scott,

Thanks for the reply,

1. We will use wireless standards.

2. We will use AD credentials and Machine Auth will use Domain computer credentials.

If we allowed smartphone and tablet to connect with our networks what should be the configurations?

Can you show me configurations for 4 AP's? using radius server?

Thanks!

Scott Fella · ‎01-19-2016

For configuration of your Autonomous AP for any EAP type:

http://www.cisco.com/c/en/us/support/docs/wireless/aironet-1100-series/44844-leapserver.html

http://mrncciew.com/2013/11/14/autonomous-ap-with-external-radius/

The AP setup will be the same if you use machine Auth and or PEAP. It's your policies on the radius server that you will need to define properly.

If you plan on allowing smartphones on the wireless using AD credentials, then might a well use PEAP. There is no need to use machine and PEAP (User Credentials) together.

Once you get this part working, then you need to setup WDS. Here is a guide or else you can search for more guides, blogs or videos on this.

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/116597-config-wds-radius-00.html#anc9

-Scott

*** Please rate helpful posts ***

-Scott
*** Please rate helpful posts ***

butchoi_seso · ‎01-19-2016

Thanks Scott!

Can you show me cli configurations command for utonomous AP for any EAP type? same as well PEAP configurations.

Im not familiar WDD, how it related to my network configurations?

Thanks!

Scott Fella · ‎01-19-2016

I meant WDS:) This helps with roaming when using 802.1x.

-Scott

*** Please rate helpful posts ***

-Scott
*** Please rate helpful posts ***

butchoi_seso · ‎01-19-2016

Okey . Scott,

i can't rate this tread cause you don't send me the cli configurations. we need need to try it.

Thanks

AIR-CAP2602I-A-K9 Authentication with RADIUS Server Configurations