Chapter 7 Controlling Lightweight Access Points

Configuring Authentication for Access Points

Information similar to the following appears:

Cisco AP Identifier

.............................. 0

Cisco AP Name

HReap

...

 

AP User Mode

AUTOMATIC

AP User Name

globalap

...

 

Note If this access point is configured for global credentials, the AP User Mode fields shows “Automatic.” If the global credentials have been overwritten for this access point, the AP User Mode field shows “Customized.”

Configuring Authentication for Access Points

You can configure 802.1X authentication between a lightweight access point and a Cisco switch. The access point acts as an 802.1X supplicant and is authenticated by the switch using EAP-FAST with anonymous PAC provisioning.

This feature is supported on the following hardware:

Cisco Aironet 1130, 1140, 1240, and 1250 series access points

All controller platforms running in local, hybrid-REAP, monitor, or sniffer mode. Bridge mode is not supported.

Note In hybrid-REAP mode, you cannot configure local switching with 802.1X authentication; you can configure central switching only.

All Cisco switches that support authentication

Note Refer to the Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points for Release 5.2 for a list of supported switch hardware and minimum supported software.

You can configure global authentication settings that all access points inherit as they join the controller. This includes all access points that are currently joined to the controller and any that join in the future. If desired, you can override the global authentication settings and assign unique authentication settings for a specific access point.

Observe the following flow for configuring authentication for access points:

1.If the access point is new, do the following:

a.Boot the access point with the installed recovery image.

b.If you choose not to follow this suggested flow and instead enable 802.1X authentication on the switch port connected to the access point prior to the access point joining the controller, enter the following command:

lwapp ap dot1x username username password password

Cisco Wireless LAN Controller Configuration Guide

 

OL-17037-01

7-9

 

 

 

Page 9
Image 9
Cisco Systems OL-17037-01 Configuring Authentication for Access Points, Lwapp ap dot1x username username password password