Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAC L2 802.1x (wireless)

Can somebody advice me - where i can find information about configuring NAC L2 802.1x on wireless AP 1200 series? Or can somebody show me example of configuration file? I have found configuration guide only about wired solutions (configuring NAC L2 IP and NAC 802.1x on switch).

Thank you in advance!


Re: NAC L2 802.1x (wireless)

For NAC implementation with wireless access points, the implementation is the same as the switch wired Layer 2 802.1x implementation for network admission control. The only difference is that you will need to use a third party NAC-enabled supplicant such as Meetinghouse for your wireless devices.

sample config on AP


aaa new-model

aaa authentication eou default group radius

aaa session-id common

radius-server host auth-port 1645 acct-port 1646

radius-server key cisco123

radius-server vsa send authentication #Enable VSAs

ip radius source-interface FastEthernet0/0

ip admission name NAC-L2-IP eapoudp #Define NAC policy

ip admission name NAC-L2-IP-Bypass eapoudp bypass #

ip admission name NAC-L3-IP eapoudp1 list EoU-ACL #Define NAC trigger, routers only

ip access-list extended EoU-ACL

deny udp any any eq domain #allow DNS to bypass NAC

deny tcp any host eq www #allow HTTP to bypass NAC

permit ip any any #all other traffic triggers

ip access-list extended Interface-ACL

permit udp any any eq 21862 #permit EAPoUDP

permit udp any eq bootpc any eq bootps #permit DHCP

Refer these links:

New Member

Re: NAC L2 802.1x (wireless)

Thank you for the answer!

Unfortunalety, "ip admission" command is not recognized by the AP IOS.

IOS version 12.3(7)JA4

bootloader 12.2(8)JA

is there any suggestions? :)

Thank you in advance!

CreatePlease login to create content