Cisco Systems OL-17037-01 Embedded Access Points, Configuring the Switch for Authentication, 7-14

Chapter 7 Controlling Lightweight Access Points

Embedded Access Points

Configuring the Switch for Authentication

On the switch CLI, enter these commands to enable 802.1X authentication on a switch port:

Switch# configure terminal

Switch(config)# dot1x system-auth-control

Switch(config)# aaa new-model

Switch(config)# aaa authentication dot1x default group radius

Switch(config)# radius-server host ip_addr auth-port port acct-port port key key

Switch(config)# interface fastethernet2/1

Switch(config-if)#switchport mode access

Switch(config-if)#dot1x pae authenticator

Switch(config-if)#dot1x port-control auto

Switch(config-if)# end

Embedded Access Points

Controller software release 5.1 or later supports the AP801, which is the integrated access point on the Cisco 800 Series Integrated Services Routers (ISRs). This access point uses a Cisco IOS software image that is separate from the router Cisco IOS software image. It can operate as an autonomous access point that is configured and managed locally, or it can operate as a centrally managed access point utilizing the CAPWAP or LWAPP protocol. The AP801 is preloaded with both an autonomous Cisco IOS release and a recovery image for the unified mode.

Note Before you use an AP801 Series Lightweight Access Point with controller software release 5.2, you must upgrade the software in the Cisco 800 Series Integrated Services Router (ISR) to Cisco IOS Release 12.4(22)T.

When you want to use the AP801 with a controller, you must enable the recovery image for the unified mode on the access point by entering this CLI command on the router in privileged EXEC mode: service-modulewlan-ap 0 bootimage unified.

Note If the service-modulewlan-ap 0 bootimage unified command does not work successfully, make sure that the software license is still eligible.

After enabling the recovery image, enter this CLI command on the router to shut down and reboot the access point: service-modulewlan-ap 0 reload. After the access point reboots, it discovers the controller, downloads the full CAPWAP or LWAPP software release from the controller, and acts as a lightweight access point.