802.1x authentication

Unanswered Question
Jul 17th, 2009

Hi experts,

I need clarification on a fundamental concept.

Is it possible to configure 802.1x authentication without an external AAA / ACS server?

If the username and password are configured on the local device, is it possible to create 802.1x authentication without a RADIUS server?

Thanks in advance.

Regards, RB

didyap Thu, 07/23/2009 - 14:46

WLC sends incorrect user name to RADIUS server when performing MAC authorization on MESH APs. From the Configuration Guide and Release Notes:

http://www.cisco.com/en/US/docs/wireless/controller/5.2/configuration/guide/c52mesh.html#wp1578796

http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn4119235M.html#wp1004616

Both of them document that the user name for AP1240, 1522, and 1524 is platform_name_string-Ethernet MAC address. The WLC actually sends out the MAC address of the AP to the RADIUS server first. If the user name is not defined in the RADIUS server, the WLC sends an access reject to the WLC. Then, the WLC uses platform_name_string-Ethernet MAC address to the RADIUS server.

In a large MESH installation, some MESH APs fail to join. Change the order of access request to platform_name_string-Ethernet MAC address, MAC address (password lower case), and then MAC address (password upper case).

Configure users with the MAC address of the AP in the external RADIUS server.

