Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Local EAP/PEAP question

we have a wlan using 802.1x and wpa2. We have a guy who wants to get on without being on our domain.

is local eap the only way? Is there a way we could manually install certificates on client side? kinda bypassing peap certificate process?

i was thinking about mac filtering, when i turn on mac filtering on the wlan on the littel checkbox, does it disablet he other layer 3 security and mac all users use mac filtering?

Is there a way to use 802.1x and mac filtering?

5 REPLIES
Hall of Fame Super Silver

Re: Local EAP/PEAP question

Why not just create another ssid and map that to the same subnet. This way you don't have to touch the client side. Are you using autonomous or lwapp AP's? Also, are you doing machine authentication or AD credentials?

-Scott
*** Please rate helpful posts ***
New Member

Re: Local EAP/PEAP question

this is lwapp on 4404 4.2.129 cade.

we are doing ad peap/ms-chapv2 through cisco secure acs

802.1x WPA2

we would need it to be on the same ssid.

any wway to get on besides local eap?

New Member

Re: Local EAP/PEAP question

this is lwapp on 4404 4.2.129 cade.

we are doing ad peap/ms-chapv2 through cisco secure acs

802.1x WPA2

we would need it to be on the same ssid.

any wway to get on besides local eap?

Hall of Fame Super Silver

Re: Local EAP/PEAP question

You can setup a username and password on ACS and make sure that the Groups is setup to also autneticate using local databe and not just windos database or what ever database you are pointing to.

-Scott
*** Please rate helpful posts ***
New Member

Re: Local EAP/PEAP question

ok so

basicaly the 2 options are...

1) Create local net user on controller, and use local eap...

-local eap can be used in concurrent with 802.1x eap/wpa2 correct?

What i mean is i can check the local eap box and use 802.1x eap and local eap at the same time

2) create a local username/password on acs to authenticate locally? Will that require username on active directory?

those 2 options?

199
Views
0
Helpful
5
Replies
CreatePlease to create content