yaplej Premium Member join:2001-02-10 White City, OR
yaplej
Premium Member
2010-Jul-29 6:07 pm
[H/W] Wireless recommendations with 802.1x VLAN Assignment

Anyone know what models of Cisco WAPs will do 802.1x dynamic VLAN assignment, guest VLAN, and authfail VLAN?
I was looking at a 1240AG but was wondering if any older devices would work.
Thanks.
cramer Premium Member join:2007-04-10 Raleigh, NC Westell 6100 Cisco PIX 501
cramer
Premium Member
2010-Jul-29 8:46 pm
What exactly are you looking for? dot1x authentication of clients and placing them in various VLANs? (i.e. the Ethernet side of the WAP is a dot1Q trunk.) I'm not sure any WAP will do that. Most support the supplicant to authenticate itself to the switch, but I don't see any that appear to partition wireless clients.
See also: Cisco Feature Navigator
yaplej
Premium Member
2010-Jul-29 9:25 pm
Yes, I am looking for something that would place the client into a VLAN, and the WAP would have a dot1Q trunk back to the switch.
I was able to pull up that these features: IEEE 802.1Q VLAN Trunking NAC - L2 IEEE 802.1x VLAN Assignment By Name
are supported by the following WAPs: 1100, 1130, 1200, 1240, 1250
I am using NAP, Microsoft's variation of NAC, so this makes me think any one of those WAPs should work. I am no wireless expert and wanted to make sure before spending any money to try it out.
RyanG1 Premium Member join:2002-02-10 San Antonio, TX
RyanG1
Premium Member
2010-Jul-29 9:27 pm
yaplej
Premium Member
2010-Jul-29 9:33 pm
Yes, but minus the Wireless LAN Controller.
RyanG1
Premium Member
2010-Jul-30 3:51 am
The only way I've seen most configurations work for IOS-based APs is that the SSID is assigned to the VLAN, not the client.
SSIDA = VLAN1
SSIDB = VLAN2
The clients associate to the SSID and in turn the VLAN; dot1x will only authenticate them.
I'm not sure it supports dynamic allocation of a client to a VLAN that's not associated to the SSID.
I could be wrong, as I have not played with the latest WAPs.
Ryan
kffz to yaplej
Anon
2010-Jul-31 8:25 pm
In theory, most of the Cisco APs can assign a VLAN to a client based on login credentials when using either the local AAA or a AAA server. However, in practice it does not work with a local AAA server.
We have been working with Cisco to get it to work for a couple of years now. Recently we were told it won't be fixed in the APs we have (1100, 1200). Not sure if it works with any of the other APs. We do not have a AAA server so can't say if it works that way.