Help with autonomous wireless access point, dot1x and guest VLAN

Jul 12th, 2012

Hello,


Please can someone help with this as I'm tearing my hair out!


Hardware: Cisco 3750 switch and Cisco autonomous access point (AIR-AP1142N-E-K9).


Requirement: A single broadcast SSID; use dot1x to assign vlan 98 to authenticated clients (computer certificate); assign vlan 3 (guest) if the authentication fails.


I can achieve assigning a guest vlan on authentication failure when using a wired connection by using the following command on the interface:


authentication event fail action authorize vlan 3


I'm after a way to achieve the above using the wireless access point.


The main point is that internal users cannot access vlan 3 as they have a valid certificate and that guests do not have to authenticate.


Many thanks in advance

Amjad Abdullah Thu, 07/12/2012 - 06:03

Well, if you have ACS 5.x as RADIUS you can configure policies so that they assign vlan x for succeeded clients and vlan y for failed clients. I don't think what you want is available from AP side configuration.



stefan.angerer Mon, 07/16/2012 - 12:21

Hi,


unfortunately you cannot do this.

Since the (necessary) WPA(2) key handshake relies on a successful authentication, there is no such thing as an auth-failed VLAN when doing wireless. Usually people work around that using a dedicated guest SSID.


regards

Stefan
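
The dedicated guest SSID workaround mentioned in the reply above, sketched as an autonomous AP configuration. This is an added example and not part of the original posts; the SSID names CORP and GUEST, the method list and server group names, the RADIUS server address 192.0.2.10 and the shared-secret placeholder are assumptions, and the native/management VLAN and the 3750 trunk port carrying VLANs 3 and 98 are assumed to be configured already.

```cisco
! Constructed values: CORP, GUEST, eap_methods, rad_eap, 192.0.2.10, <RADIUS_SHARED_SECRET>
aaa new-model
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <RADIUS_SHARED_SECRET>
aaa group server radius rad_eap
 server 192.0.2.10 auth-port 1812 acct-port 1813
aaa authentication login eap_methods group rad_eap
!
! Certificate-authenticated clients: 802.1X with WPA2, mapped to VLAN 98
dot11 ssid CORP
 vlan 98
 authentication open eap eap_methods
 authentication network-eap eap_methods
 authentication key-management wpa version 2
!
! Guests: open authentication, mapped to VLAN 3, SSID advertised in beacons
dot11 ssid GUEST
 vlan 3
 authentication open
 mbssid guest-mode
!
interface Dot11Radio0
 ! AES-CCMP is required only on the 802.1X VLAN
 encryption vlan 98 mode ciphers aes-ccm
 ssid CORP
 ssid GUEST
 ! Multiple BSSIDs so each SSID gets its own beacon settings
 mbssid
!
! Bridge each VLAN between the radio and the wired trunk
interface Dot11Radio0.3
 encapsulation dot1Q 3
 bridge-group 3
!
interface Dot11Radio0.98
 encapsulation dot1Q 98
 bridge-group 98
!
interface GigabitEthernet0.3
 encapsulation dot1Q 3
 bridge-group 3
!
interface GigabitEthernet0.98
 encapsulation dot1Q 98
 bridge-group 98
```

In this layout only GUEST is advertised in beacons, and a client that fails 802.1X on CORP is not moved to VLAN 3; it has to associate to GUEST separately.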
