EAP-TLS for Aironet 1231 ?

Hi,

is there a chance to let the accesspoint do an authentication
additionally to the clients ?

is there a functionality on the accesspoints to start EAP-TLS
authentication and authenticate with machine certificate ?

and i think for that you will need this "multiple authentication"
feature on the switch don´t you ? Does anyone know the right name of
this feature ?

Thanks a lot
Greetz Eric

 

The AP authenticates to the RADIUS by IP address and a shared secret.

An Aironet 1230 internal radius server can only authenticate LEAP or
EAP-FAST. For EAP-TLS you'll need another RADIUS like M$ IAS, Cisco ACS
or Funk Steel Belted RADIUS.
Together with an external RADIUS the AIR 1230 will support multiple
EAP-TLS authenticatet client stations.

 

and i think for that you will need this "multiple authentication"

with that i meant authentication via switch and not via accesspoint.
should have write this more clearly.
i don´t know the right name of the feature to do multiple
authentication on the same port.

Greetz Eric

 

with that i meant authentication via switch and not via accesspoint.
should have write this more clearly.
i don´t know the right name of the feature to do multiple
authentication on the same port.

Sounds to me like 802.1x auth towards the switchport of the switch that the
AP connects to, right ?
I am not 100% into the Cisco lingo about dot1x, but the commands are called
that (dot1x)
As how to install a CERT into the AP, I would look it up on CCO or at your
local partner.

HTH
Martin Bilgrav

 

For EAP-TLS you'll need another RADIUS like M$ IAS, Cisco ACS

Note that FreeRadius works fine as well.