Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

802.1x WLC 5508

After doing some research, I have figured out how to, for the most part, setup 802.1x via wireless. I'm using two 5508 WLCs, and Cisco ACS. I will setup the user account/password information via Cisco ACS and User Identity and Hosts. I know from the WLC 5508 web admin tool that I can choose 802.1x in the security parameters. I only have a few question. We have two wireless networks, one is wide open and provides internet access, the other will provide internal access for select users. I am setting up 802.1x on the internal wireless lan. Do I need to configure any 802.1 configuration commands on the switch in order for this to work, if so where would be the locations to do this at? Also, does anyone know if there is a MAC isolation configuration option I can configure to not allow other hosts on this specific wireless network to communicate with each other?

1 ACCEPTED SOLUTION

Accepted Solutions

802.1x WLC 5508

John,

     No, you do not need to do any configuration on the switches to support the 802.1x for the wireless clients.  The WLC will send the packets to the ACS, and vice versus.  So you're good there.

Under the WLAN config, there is an option for Peer-to-Peer blocking, it's either:

disabled = allowed, no interaction from the WLC

enalbed = disallowed, WLC will not bridge the packets

forward upstream = packet gets sent to L3 and ACL enforced from there.

If you don't want them to talk across the wireless to each other, just set it to enabled, and you should be good.

HTH,

Steve

----------------------------------------------------------------------------------------------------------

Please remember to rate helpful posts or to mark the question as answered so that it can be found later.

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
3 REPLIES

802.1x WLC 5508

John,

     No, you do not need to do any configuration on the switches to support the 802.1x for the wireless clients.  The WLC will send the packets to the ACS, and vice versus.  So you're good there.

Under the WLAN config, there is an option for Peer-to-Peer blocking, it's either:

disabled = allowed, no interaction from the WLC

enalbed = disallowed, WLC will not bridge the packets

forward upstream = packet gets sent to L3 and ACL enforced from there.

If you don't want them to talk across the wireless to each other, just set it to enabled, and you should be good.

HTH,

Steve

----------------------------------------------------------------------------------------------------------

Please remember to rate helpful posts or to mark the question as answered so that it can be found later.

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered

802.1x WLC 5508

Thanks a bunch Stephen! One other question, is there a way I can block 3 unsuccessful attempts to log on? I would like it to block attempt to logon with username/password every 3rd time for 60 minutes. Once, again thanks for the information!

802.1x WLC 5508

that should be there by default.  The option is Client Exclusion, which can be enabled/disabled per WLAN, as well as the timer

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
1343
Views
0
Helpful
3
Replies