Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1847
Views
0
Helpful
7
Replies

WLC 5508, 7.4.100.0, dot1x and web auth

eirmad
Level 1
Level 1

‎12-20-2012 04:47 AM - edited ‎07-03-2021 11:15 PM

Release notes for 7.4.100.0 states;

"Security during client authentication is enhanced by applying both 802.1X and Web Authentication for a WLAN."

Anybody know anything about this and how-to's?

Eirik

Labels:
0 Helpful
7 Replies 7

Scott Fella
Hall of Fame
Hall of Fame

‎12-20-2012 09:33 AM

That's a new feature that allows you to also use 802.1x with WebAuth. Now why would you do that... I don't know. For guest users you really want to only do ope encryption with WebAuth either pass through or authentication.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful

eirmad
Level 1
Level 1
In response to Scott Fella

‎12-20-2012 11:03 AM

I know what it is. :-)

Want to test to use web auth after dot1x. Do not trust dot1x alone anymore, now that it is so easy to steal sertificates from laptops...

Would like to force users (after eap-tls with certificate) to logon using their AD cred.

Eirik

Sent from Cisco Technical Support iPad App

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to eirmad

‎12-20-2012 11:08 AM

Well I understand.... I just don't see many places going to do that due to some higher ups not wanting to have to sign in.  I see it now and thats not even using both....

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
0 Helpful

eirmad
Level 1
Level 1
In response to Scott Fella

‎12-20-2012 11:10 AM

Do you see any other way of doung eap-tls with cert and AD logon?
Use of Cisco's AnyConnect?

Eirik

Sent from Cisco Technical Support iPad App

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to eirmad

‎12-20-2012 11:15 AM

Well if you really want some sort of 2 factor, ISE and AnyConnect will be able to do eap-chaining.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
0 Helpful

eirmad
Level 1
Level 1
In response to Scott Fella

‎12-20-2012 11:24 AM

Yeah, I guess.

30-40000 users, if I could use my ACS's with ent. license I would be a lot more happy that buy a 25000 concurrent license for ICE.

You see? ;-)

Sent from Cisco Technical Support iPad App

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to eirmad

‎12-20-2012 11:26 AM

Well... I understand... you will just have to see how the webauth works, especially with roaming and devices going to sleep.  That is the stuff you will have to tweak.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card