10-08-2008 07:28 AM - edited 07-03-2021 04:34 PM
we have a wlan using 802.1x and wpa2. We have a guy who wants to get on without being on our domain.
is local eap the only way? Is there a way we could manually install certificates on client side? kinda bypassing peap certificate process?
i was thinking about mac filtering, when i turn on mac filtering on the wlan on the littel checkbox, does it disablet he other layer 3 security and mac all users use mac filtering?
Is there a way to use 802.1x and mac filtering?
10-08-2008 07:54 PM
Why not just create another ssid and map that to the same subnet. This way you don't have to touch the client side. Are you using autonomous or lwapp AP's? Also, are you doing machine authentication or AD credentials?
10-09-2008 04:42 AM
this is lwapp on 4404 4.2.129 cade.
we are doing ad peap/ms-chapv2 through cisco secure acs
802.1x WPA2
we would need it to be on the same ssid.
any wway to get on besides local eap?
10-09-2008 04:44 AM
this is lwapp on 4404 4.2.129 cade.
we are doing ad peap/ms-chapv2 through cisco secure acs
802.1x WPA2
we would need it to be on the same ssid.
any wway to get on besides local eap?
10-09-2008 06:20 AM
You can setup a username and password on ACS and make sure that the Groups is setup to also autneticate using local databe and not just windos database or what ever database you are pointing to.
10-14-2008 12:03 PM
ok so
basicaly the 2 options are...
1) Create local net user on controller, and use local eap...
-local eap can be used in concurrent with 802.1x eap/wpa2 correct?
What i mean is i can check the local eap box and use 802.1x eap and local eap at the same time
2) create a local username/password on acs to authenticate locally? Will that require username on active directory?
those 2 options?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: