Cisco Support Community

Help with autonomous wireless access point, dot1x and guest VLAN

Hello,

Please can someone help with this as I'm tearing my hair out!

Hardware: Cisco 3750 switch and Cisco autonomous access point (AIR-AP1142N-E-K9).

Requirement: A single broadcast SSID; use dot1x to assign vlan 98 to authenticated clients (computer certificate); assign vlan 3 (guest) if the authentication fails.

I can achieve assigning a guest vlan on authentication failure when using a wired connection by using the following command on the interface:

authentication event fail action authorize vlan 3

I'm after a way to achieve the above using the wireless access point.

The main point is that internal users cannot access vlan 3 as they have a valid certificate and that guests do not have to authenticate.

Many thanks in advance

2 REPLIES

Re: Help with autonomous wireless access point, dot1x and guest

Well, if you have ACS 5.x as RADIUS, you can configure policies that assign vlan x for succeeded clients and vlan y for failed clients. I don't think what you want is available from AP side configuration.

Sent from Cisco Technical Support iPad App

Rating useful replies is more useful than saying "Thank you"

Re: Help with autonomous wireless access point, dot1x and guest

Hi,

Unfortunately you cannot do this.

Since the (necessary) WPA(2) key handshake relies on a successful authentication, there is no such thing as an auth-failed vlan when doing wireless. Usually people work around that using a dedicated guest SSID.

regards

Stefan
