Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
4705
Views
7
Helpful
35
Replies

Default-gateways for dynamic interfaces on 2504 controller

Go to solution
Sandeep Verma
Level 1
Level 1

ā€Ž01-22-2014 11:13 PM - edited ā€Ž07-05-2021 12:01 AM

Hi,

I am setting up wifi flexconnect solution and is a bit confused regarding what should be the default gateway for the dynamic interfaces which will be created.

Will it be the same as the one for management interface or the will it be the one for the clients.

controller ip  172.16.1.100/24

default-gateway  172.16.1.254

vlan 10

dynamic interface 192.168.1.10/24

default-gateway    ?????

vif for this vlan on switch 192.168.1.254

default-gateway for clients  192.168.1.254

Kindly suggest .

Thanks

Labels:
0 Helpful
35 Replies 35

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to Sandeep Verma

ā€Ž02-25-2014 06:16 AM

You don't have a radius server?

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***
0 Helpful

Go to solution
Sandeep Verma
Level 1
Level 1
In response to Scott Fella

ā€Ž02-26-2014 02:14 AM

Hi Scott,

I am having Cisco ACS as Radius server.

Client gets authenticated now but on ACS logs the protocol is PEAP and not EAP-TLS.

Thanks

0 Helpful

Go to solution
Sandeep Verma
Level 1
Level 1
In response to Sandeep Verma

ā€Ž02-26-2014 02:57 AM

Also i want to know whether a certificate is required on WLC in case of local EAP only ???

0 Helpful

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to Sandeep Verma

ā€Ž02-26-2014 03:00 AM

If you want to use local EAP then you don't need certificate for (peap) but EAP fast you need it .

Check it here:

http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/100590-ldap-eapfast-config.html

Regards

Sent from Cisco Technical Support iPhone App

0 Helpful

Go to solution
Rasika Nayanajith
VIP
VIP
In response to Sandeep Verma

ā€Ž02-26-2014 10:15 AM 

Client gets authenticated now but on ACS logs the protocol is PEAP and not EAP-TLS.

for EAP-TLS , you have to install certificates on client PC & use EAP-TLS as EAP methods when connecting to wireless. On ACS you need to configure a policy/rule when to use EAP-TLS.

If you are using WLC as Auth Server, then it is required to install cert on WLC. Below post explain EAP cert installation process of WLC.

http://mrncciew.com/2013/04/22/configuring-eap-tls-on-wlc/

HTH

Rasika

**** Pls rate all useful resposnes ****

0 Helpful

Go to solution
Sandeep Verma
Level 1
Level 1
In response to Rasika Nayanajith

ā€Ž02-28-2014 12:11 AM

Rasika Thanks...I've already followed the link from your blog. Very helpful.

Most of the things are now working as expected.

Need some reference material to understand authentication protocols, related to EAP, PEAP, EAP-TLS, MSCHAP., if you can help.

Also one more issue i am facing is i've added 4 RADIUS servers on WLC and for my WLAN security i have just selected 2 of them. However on logs i can see requests being forwarded to other 2 also. So is there any way to filter RADIUS servers for particular WLAN's only.

Thanks in advance.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card