802.1x authentication

Unanswered Question
Jul 17th, 2009

Hi experts,

I need clarification in a fundamental concept.

Is it possible to configure 802.1x authentication without an external AAA / ACS server?

If the username and password are configured on the local device, is it possible to create 802.1x authentication without a RADIUS server?

Thanks in advance

Regards, RB

didyap Thu, 07/23/2009 - 14:46

WLC sends incorrect user name to RADIUS server when performing MAC authorization on MESH APs. From the Configuration Guide and Release Notes:

http://www.cisco.com/en/US/docs/wireless/controller/5.2/configuration/guide/c52mesh.html#wp1578796

http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn4119235M.html#wp1004616

Both of them document that the user name for AP1240, 1522, and 1524 is platform_name_string-Ethernet MAC address. The WLC actually sends out the MAC address of the AP to the RADIUS server first. If the user name is not defined in the RADIUS server, the WLC sends an access reject to the WLC. Then, the WLC uses platform_name_string-Ethernet MAC address to the RADIUS server.

In a large MESH installation, some MESH APs fail to join. Change the order of access request to platform_name_string-Ethernet MAC address, MAC address (password lower case), and then MAC address (password upper case).

Configure users with the MAC address of the AP in the external RADIUS server.
