Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
451
Views
0
Helpful
2
Replies

NAC L2 802.1x (wireless)

dmitri_vilesov
Level 1
Level 1

‎01-24-2007 03:41 AM - edited ‎02-21-2020 01:23 AM

Can somebody advice me - where i can find information about configuring NAC L2 802.1x on wireless AP 1200 series? Or can somebody show me example of configuration file? I have found configuration guide only about wired solutions (configuring NAC L2 IP and NAC 802.1x on switch).

Thank you in advance!

0 Helpful
2 Replies 2

bwilmoth
Level 5
Level 5

‎01-30-2007 07:49 AM

For NAC implementation with wireless access points, the implementation is the same as the switch wired Layer 2 802.1x implementation for network admission control. The only difference is that you will need to use a third party NAC-enabled supplicant such as Meetinghouse for your wireless devices.

sample config on AP

-------------------------------

aaa new-model

aaa authentication eou default group radius

aaa session-id common

radius-server host 10.100.100.100 auth-port 1645 acct-port 1646

radius-server key cisco123

radius-server vsa send authentication #Enable VSAs

ip radius source-interface FastEthernet0/0

ip admission name NAC-L2-IP eapoudp #Define NAC policy

ip admission name NAC-L2-IP-Bypass eapoudp bypass #

ip admission name NAC-L3-IP eapoudp1 list EoU-ACL #Define NAC trigger, routers only

ip access-list extended EoU-ACL

deny udp any any eq domain #allow DNS to bypass NAC

deny tcp any host 10.100.100.101 eq www #allow HTTP to bypass NAC

permit ip any any #all other traffic triggers

ip access-list extended Interface-ACL

permit udp any any eq 21862 #permit EAPoUDP

permit udp any eq bootpc any eq bootps #permit DHCP

Refer these links:

http://www.cisco.com/en/US/netsol/ns617/netbr0900aecd80355b2f.html

http://www.cisco.com/en/US/products/hw/wireless/ps430/products_configuration_guide_chapter09186a0080606cbe.html#wp1072071

0 Helpful

dmitri_vilesov
Level 1
Level 1
In response to bwilmoth

‎01-30-2007 11:21 PM

Thank you for the answer!

Unfortunalety, "ip admission" command is not recognized by the AP IOS.

IOS version 12.3(7)JA4

bootloader 12.2(8)JA

is there any suggestions? :)

Thank you in advance!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card