10-04-2013 07:26 AM - edited 07-04-2021 01:00 AM
Hi
All our switchports is configured to validate the connected device with 802.1x
However when a wireless accesspoint, that is running FlexConnect, is connected I have to make a "mac bypass" on the AP mac addess and add the multihost command to the port config.
I really like to move away from the mac bypass, but keep the multihost command, and install a certificat on the AP. Have anyone any ideas about how to get the AP itself to auth?
Solved! Go to Solution.
10-05-2013 10:52 AM
There isn't a way to have an AP authenticate on a switchport setup for 802.1x. Mac bypass is the only way. Like on ISE, the switch can detect it's an access port and or phone and reconfigure the switchport for that type of device. Normal 802.1x on a switchport will not work for an AP.
Sent from Cisco Technical Support iPhone App
10-05-2013 10:52 AM
There isn't a way to have an AP authenticate on a switchport setup for 802.1x. Mac bypass is the only way. Like on ISE, the switch can detect it's an access port and or phone and reconfigure the switchport for that type of device. Normal 802.1x on a switchport will not work for an AP.
Sent from Cisco Technical Support iPhone App
10-07-2013 03:07 AM
Hi,
The AP can act as 802.1x supplicant if it is connected to a 802.1x enabled switch port.
Cisco unified APs however supports only EAP-FAST as the EAP method.
Here is a config example, hope it'll be useful.
Regards,
Amjad
Rating useful replies is more useful than saying "Thank you"
05-15-2014 06:40 PM
This is the correct answer.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: