Cisco Support Community

2504 - 802.1x & Radius dual authentication

Hi,

I configured the 2504 with 2 SSIDs for staff and guests. All flowing now.

I also configured the Lobby admin with web auth. But if a guest wants to connect to our wireless, he/she has to enter the PSK key, and only then are they able to connect with the user ID and password given by the Lobby admin. Can we avoid this key and let the guests connect straightaway with the web auth? Is it secure?

I have one more question.

I'm planning to configure 802.1x & Radius dual authentication for the staff SSID.

Is any guide available?

Thanks

5 REPLIES

2504 - 802.1x & Radius dual authentication

Prasath,

Welcome to CSC

Yes, if you configure passthrough under your web authentication, you can negate the use of both PSK and logon. The only downside is that client guest traffic isn't encrypted, as you are just like a hot spot.

As for 802.1X and RADIUS:

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080665d18.shtml

Here is a list of other config examples:

http://www.cisco.com/en/US/tech/tk722/tk809/tech_configuration_examples_list.html

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin

2504 - 802.1x & Radius dual authentication

Thanks George.

I tried the passthrough and it works. But it will be wide-open access for everyone.

I would like to make it web auth only, so a guest can connect to the wireless without entering any key and then provide the user ID and password to web auth to browse the internet.

In summary, without PSK and only with web auth. Is it possible?

Thanks again for the Radius config examples.


2504 - 802.1x & Radius dual authentication

Hello,

Yes, you can do it, and how:

Configure the guest WLAN.

Configure Layer 2 security as None.

Configure Layer 3 security as web-auth and use the internal or customized web portal.

If you do not want guest users to interfere with your corporate network, then the best practice is to configure a local DHCP pool in the controller for the specific subnet which you are using for guest users, and map that interface to the guest WLAN.

Configure local net users.

Here you have done this configuration.

Please rate the post if this helps you out.

Thanks


2504 - 802.1x & Radius dual authentication

Thanks Waseem,

Yes it works.

When considering security, is layer2=none safe?

We have two separate SSIDs/VLANs for guests and staff, so the guests can only access ISP internet.

Also, they have a separate DHCP scope.

Re: 2504 - 802.1x & Radius dual authentication

The issue is that your guest traffic isn't encrypted, whereby someone could sniff your guest wireless traffic and see it in all its glory. Although, if a guest uses a VPN or visits HTTPS web sites, that traffic can't be seen.

But the MSDU (the layer 3 and above info inside an 802.11 frame) can be seen when no encryption is used: IP addresses, MAC addresses, etc.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin