New Member

dot1x authentication

Hello,

My company has a security policy requesting any machine that connects to the network to be authenticated with certificates. Now we are installing a WLAN, and the request would be that the APs also act as supplicants so that the switchports where they are going to connect can be authorized via EAP, using certificates for that. Looking at the config guide and at the WLC, I only find username and password as authentication parameters. Is there a way to do it via certificates as well? The WLC is a 5508, 7.2(110) and the APs are LAP1142n.

Thanks in advance,

Fernando

Accepted Solution

dot1x authentication

Hi Fernando,

You can use EAP-FAST to authenticate the APs to the network. Unfortunately, at the moment there is no chance to use EAP-TLS. You can find more information about it here:

http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_lwap.html#wp2031925

"The access point acts as an 802.1X supplicant and is authenticated by the switch using EAP-FAST with anonymous PAC provisioning."

Hope that helps!

Stefan

5 REPLIES
Hall of Fame Super Silver

Re: dot1x authentication

Fernando,

You need to look at EAP-TLS, which requires a certificate on each domain machine. You can authenticate the AP to an AAA server to allow the AP to either join the WLC or not. But for device authentication you need to look at machine authentication using EAP-TLS.

The AP can't act as a supplicant for devices.


-Scott

Re: dot1x authentication

This is going to be more about your AAA server than it is the WLC.

EAP is between the AAA and the client with the WLC being a pass through.

What type of AAA server are you planning to use: ACS/IAS/NPS/ISE?

Steve


New Member

dot1x authentication

Hi guys,

Thank you all for your help. Will have to accept EAP-FAST as access-layer security.

Fernando

Silver

dot1x authentication

Have to install NPS server. User will authenticate through that.

---

Posted by WebUser Prakash Bharadwaj from Cisco Support Community App
