Solved: lwapp capwap AP to act as a supplicant on a 802.1x enabled switch port

Rasmus Kiilerich · ‎10-04-2013

Hi

All our switchports is configured to validate the connected device with 802.1x

However when a wireless accesspoint, that is running FlexConnect, is connected I have to make a "mac bypass" on the AP mac addess and add the multihost command to the port config.

I really like to move away from the mac bypass, but keep the multihost command, and install a certificat on the AP. Have anyone any ideas about how to get the AP itself to auth?

Scott Fella · ‎10-05-2013

There isn't a way to have an AP authenticate on a switchport setup for 802.1x. Mac bypass is the only way. Like on ISE, the switch can detect it's an access port and or phone and reconfigure the switchport for that type of device. Normal 802.1x on a switchport will not work for an AP.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

Scott Fella · ‎10-05-2013

There isn't a way to have an AP authenticate on a switchport setup for 802.1x. Mac bypass is the only way. Like on ISE, the switch can detect it's an access port and or phone and reconfigure the switchport for that type of device. Normal 802.1x on a switchport will not work for an AP.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Amjad Abdullah · ‎10-07-2013

Hi,

The AP can act as 802.1x supplicant if it is connected to a 802.1x enabled switch port.

Cisco unified APs however supports only EAP-FAST as the EAP method.

Here is a config example, hope it'll be useful.

http://goo.gl/HMbiHL

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"

Luke Marrott · ‎05-15-2014

This is the correct answer.