Re: How can I configure the ACS authenticate both the 802.1x IP

lomonaco · ‎01-18-2010

Hi,

When I got the information to configure Lightweight Access Point as an 802.1x Supplicant in Document ID 107946,

I saw I need to configure the Switch as a AAA Client with RADIUS (Cisco Aiornet), but I already have configurated this Switch as a AAA Client with RADIUS (IOS) to support the 802.1x in IP Phone and Workstations

My question is:

How can I configure the ACS to support the same switch to authenticate both the 802.1x IP Phones Supplicant as the LWAPP 802.1x Supplicant

My Best Regards,

Thanks in Advanced

peter.mainwaring · ‎01-21-2010

Hi,

We had a similar situation where we needed to authenticate wireless users with RADIUS as well as TACACS+ users for AP configuration.

The way we did it was to create two entries in ACS for each AP. We called one "AP-NAME" and the other "AP-NAME+". The AP entries had the same IP address but different authentication methods and we used different shared keys too.

The entries were placed under different groups to keep things clearer - one group for RADIUS and one for TACACS+.

Hope that helps.

Pete

Support Team · ‎01-25-2010

Hello

If you need authenticate LWAPP AP with ACS you should do this:

1. Add switch (I hope this is Cisco Switch ) in ACS as RADIUS (Cisco IOS/PIX 6.0) device

2. Add your AP credentials as user (you can configure one credential set for all your AP on WLC)

3. Configure dot1x auth on port where you have AP

For correct phone auth you need this:

1. Configure Multi Domain Authentication on switch port

2. Configure av-pair for voice traffic on ACS

Regards,

Stanislav Kuchma

How can I configure the ACS authenticate both the 802.1x IP Phone and AP1252