The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
You can configure 802.1X authentication between a lightweight access point and a Cisco switch. The access point acts as an 802.1X supplicant and is authenticated by the switch using EAP-FAST with anonymous PAC provisioning.
You can configure global authentication settings that all access points that are currently associated with the controller and any that associate in the future. You can also override the global authentication settings and assign unique authentication settings for a specific access point.
Step 1 |
If the access point is new, do the following:
|
Step 2 | Install the 5.1, 5.2, 6.0, or 7.0 image on the controller and reboot the controller. |
Step 3 | Allow all access points to join the controller. |
Step 4 | Configure authentication on the controller. See the Configuring Authentication for Access Points (GUI) section or the Configuring Authentication for Access Points (CLI) section for information about configuring authentication on the controller. |
Step 5 | Configure the switch to allow authentication. See the Configuring the Switch for Authentication section for information about configuring the switch for authentication. |
Step 1 | Configure the global
authentication username and password for all access points currently joined to
the controller as well as any access points that join the controller in the
future by entering this command:
config ap
802.1Xuser add username
ap-username
password
ap-password
all
| ||||
Step 2 | (Optional)
Override the global authentication settings and assign a unique username and
password to a specific access point. To do so, enter this command:
config ap
802.1Xuser add username
ap-username
password
ap-password
Cisco_AP
The authentication settings that you enter in this command are retained across controller and access point reboots and whenever the access point joins a new controller.
| ||||
Step 3 | Enter the save config command to save your changes. | ||||
Step 4 | (Optional)
Disable 802.1X authentication for all access points or for a specific access
point by entering this command:
config ap 802.1Xuser disable {all | Cisco_AP}
| ||||
Step 5 | See the
authentication settings for all access points that join the controller by
entering this command:
Information similar to the following appears: Number of APs.................................... 1 Global AP User Name.............................. globalap Global AP Dot1x User Name........................ globalDot1x | ||||
Step 6 | See the
authentication settings for a specific access point by entering this command:
show ap config general Cisco_AP
|
To enable 802.1X authentication on a switch port, on the switch CLI, enter these commands: