Help with autonomous wireless access point, dot1x and guest VLAN

Jul 12th, 2012
Please can someone help with this as I'm tearing my hair out!

Hardware: Cisco 3750 switch and Cisco autonomous access point (AIR-AP1142N-E-K9).

Requirement: A single broadcast SSID; use dot1x to assign vlan 98 to authenticated clients (computer certificate); assign vlan 3 (guest) if the authentication fails.

I can achieve assigning a guest vlan on authentication failure when using a wired connection by using the following command on the interface:

authentication event fail action authorize vlan 3

I'm after a way to achieve the above using the wireless access point.

The main point is that internal users cannot access vlan 3 as they have a valid certificate and that guests do not have to authenticate.

Many thanks in advance

Amjad Abdullah Thu, 07/12/2012 - 06:03

Well, if you have ACS 5.x as RADIUS you can configure policies so that they assign vlan x for succeeded clients and vlan y for failed clients. I don't think what you want is available from AP side configuration.

stefan.angerer Mon, 07/16/2012 - 12:21
Unfortunately you cannot do this.

Since the (necessary) WPA(2) key handshake relies on a successful authentication, there is no such thing as an auth-failed vlan when doing wireless. Usually people work around that using a dedicated guest SSID.
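
Added example, not part of the thread or any poster's code: a minimal Python sketch of the WPA2-Enterprise key hierarchy, showing why a client that fails 802.1X has nothing to run the 4-way handshake with. The MAC addresses, the message bytes and the names `NoPMK`, `pmk_from_eap`, `derive_ptk` and `handshake` are constructed for illustration.

```python
import hashlib
import hmac
import os

LABEL = b"Pairwise key expansion"

class NoPMK(Exception):
    """802.1X did not yield shared key material, so the handshake cannot finish."""

def pmk_from_eap(msk):
    # With 802.1X key management the PMK is the first 32 bytes of the MSK that
    # the EAP method exports on success. A rejected client never gets an MSK.
    if msk is None:
        raise NoPMK("EAP failed: no MSK, so no PMK for the 4-way handshake")
    return msk[:32]

def prf(key, label, data, nbytes):
    # IEEE 802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || counter) blocks.
    out, counter = b"", 0
    while len(out) < nbytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce):
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, LABEL, data, 48)  # CCMP layout: KCK(16) | KEK(16) | TK(16)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}

def handshake(msk_sta, msk_ap):
    """Return the traffic key both sides agree on, or raise NoPMK."""
    ap_mac = bytes.fromhex("001122334455")   # constructed addresses
    sta_mac = bytes.fromhex("66778899aabb")
    anonce, snonce = os.urandom(32), os.urandom(32)
    sta = derive_ptk(pmk_from_eap(msk_sta), ap_mac, sta_mac, anonce, snonce)
    ap = derive_ptk(pmk_from_eap(msk_ap), ap_mac, sta_mac, anonce, snonce)
    # Message 2 carries a MIC keyed with the client's KCK; the AP verifies it.
    msg2 = b"constructed EAPOL-Key message 2"
    mic = hmac.new(sta["kck"], msg2, hashlib.sha1).digest()[:16]
    expected = hmac.new(ap["kck"], msg2, hashlib.sha1).digest()[:16]
    if not hmac.compare_digest(mic, expected):
        raise NoPMK("MIC mismatch: client and AP do not share a PMK")
    return ap["tk"]

if __name__ == "__main__":
    msk = os.urandom(64)                      # stands in for an EAP-TLS MSK
    print("auth ok, TK:", handshake(msk, msk).hex())
    try:
        handshake(None, None)                 # certificate rejected
    except NoPMK as err:
        print("auth failed:", err)
```

On a wired port the switch can simply move a failed client to VLAN 3 because no per-client encryption key is needed; on an encrypted SSID the traffic key exists only after EAP success, which is why an open guest SSID is the usual workaround.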