dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
2077

yaplej
Premium Member
join:2001-02-10
White City, OR

yaplej

Premium Member

[H/W] Wireless recommendations with 802.1x VLAN Assignment

Anyone know what models Cisco WAPs will do 802.1x dynamic vlan assignment, guest vlan, and authfail vlan?

I was looking at a 1240AG but was wondering if any older devices would work.

Thanks.
cramer
Premium Member
join:2007-04-10
Raleigh, NC
Westell 6100
Cisco PIX 501

cramer

Premium Member

What exactly are you looking for? dot1x authentication of clients and placing them in various VLANs? (i.e. the ethernet side of the WAP is a dot1Q trunk.) I'm not sure any WAP will do that. Most support the supplicant to authenticate itself to the switch, but I don't see any that appear to partition wireless clients.

See Also: Cisco Feature Navigator

yaplej
Premium Member
join:2001-02-10
White City, OR

yaplej

Premium Member

Yes, I am looking for something that would place the client into a VLAN and the WAP would have an dot1Q trunk back to the switch.

I was able to pull up that these features.
IEEE 802.1Q VLAN Trunking
NAC - L2 IEEE 802.1x
VLAN Assignment By Name

are supported by the follow WAPs
1100
1130
1200
1240
1250

I am using NAP Microsofts variation of NAC so this makes me think any one of those WAPs should work. I am no wireless expert and wanted to make sure before spending any money to try it out.

RyanG1
Premium Member
join:2002-02-10
San Antonio, TX

RyanG1

Premium Member

something similar to this: »www.cisco.com/en/US/tech ··· 7c.shtml

?

Ryan

yaplej
Premium Member
join:2001-02-10
White City, OR

yaplej

Premium Member

Yes, but minus the Wireless LAN Controller.

RyanG1
Premium Member
join:2002-02-10
San Antonio, TX

RyanG1

Premium Member

the only way ive seen most configuration work for IOS based APs is that the SSID is assigned to the vlan, not the client.

SSIDA = VLAN1
SSIDB = VLAN2

the clients associate to the ssid and intern the vlan, dot1x will only authenticate them.

Im not sure it supports dynamic allocation of a client to a vlan thats not associated to the SSID.

i could be wrong as i have not played with the latest WAPs.

Ryan

kffz
@cox.net

kffz to yaplej

Anon

to yaplej
In theory most of the cisco APs can assign a VLAN to a client based on login credentials when using either the local AAA or a AAA server. However in practice it does not work with a local AAA server.

We have been working with Cisco to get it to work for a couple of years now. Recently we were told it won't be fixed in the APs we have (1100, 1200). Not sure if it works with any of the other APs. We do not have a AAA server so can't say if it works that way.