Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

AP 1130AG with dot1x and EAP-TLS with ACS

Folks,

I?m using the follow url to config dot1x with EAP-TLS and ACS authentication:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0ea.shtml#config-ap

I have some problems to config EAP-TLS ( dot1x ) in my AP because the document screen are different of my AP.

Does anybody has a cli config or another doc to show me?

Tks

1 REPLY
New Member

Re: AP 1130AG with dot1x and EAP-TLS with ACS

aaa group server radius rad_eap1

server 10.1.2.9 auth-port 1812 acct-port 1813

server 10.1.2.10 auth-port 1812 acct-port 1813

!

...

...

aaa authentication login eap_methods1 group rad_eap1

dot11 vlan-name healthy vlan 555

!

...

...

dot11 ssid VSW

vlan 555

authentication open eap eap_methods1

mobility network-id 555

!

...

...

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 556 key 1 size 128bit xxx transmit-key

encryption vlan 556 mode ciphers wep128

!

encryption vlan 555 key 1 size 128bit xxx transmit-key

encryption vlan 555 mode ciphers wep128

!

ssid VSW

!

!

...

...

radius-server host 10.1.2.9 auth-port 1812 acct-port 1813 timeout 6 retransmit 3 key 7 02110D5D02

radius-server host 10.1.2.10 auth-port 1812 acct-port 1813 timeout 6 retransmit 3 key 7 02110D5D02

In this config I use WEP encryption with Open Eap authentication, client authenticates by ACS server, and only there you must configure the type of authentication (TLS, MSCHAP, FAST), on access point you can't configure the type of authentication, you must use only this command "authentication open eap eap_methods"

425
Views
0
Helpful
1
Replies
CreatePlease login to create content