Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

802.1x authenticatio

Hi experts,

I need clarification in a fundamental concept.

Is it possible to configure 802.1x authentication without external AAA / ACS server.

If the username and password is configured in local device, is it possible to create 802.1x authentication without RADIUS server

Thanks in advance

regards,RB

1 REPLY
Silver

Re: 802.1x authenticatio

WLC sends incorrect user name to RADIUS server when performing MAC authorization on MESH APs. From Configuration Guide and Release

notes:

http://www.cisco.com/en/US/docs/wireless/controller/5.2/configuration/guide/c52mesh.html#wp1578796

http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn4119235M.html#wp1004616

Both of them documents that the user name for AP1240, 1522, and

1524 are platform_name_string-Ethernet MAC address. The WLC

actually sends out MAC address of the AP to the RADIUS server

first. If the user name is not defined in the RADIUS server, the

WLC sends an access reject to the WLC. Then, the WLC uses

platform_name_string-Ethernet MAC address to the RADIUS server.

In a large MESH installation, some MESH APs fail to join. Change

the order of access request to platform_name_string-Ethernet

MAC address, MAC address (password lower case), and then

MAC address (password upper case)

Configure users with the MAC address of the AP in the external

RADIUS server

118
Views
0
Helpful
1
Replies