EAP-TLS for Aironet 1231 ?

Discussion in 'Cisco' started by bt_hirosaito, Mar 24, 2006.

  1. bt_hirosaito

    bt_hirosaito Guest

    Hi,

    is there a chance to let the accesspoint do an authentication
    additionally to the clients ?

    is there a functionality on the accesspoints to start EAP-TLS
    authentication and authenticate with machine certificate ?

    and i think for that you will need this "multiple authentication"
    feature on the switch don´t you ? Does anyone know the right name of
    this feature ?

    Thanks a lot
    Greetz Eric
     
    bt_hirosaito, Mar 24, 2006
    #1
    1. Advertisements

  2. bt_hirosaito

    Uli Link Guest

    The AP authenticates to the RADIUS by IP address and a shared secret.
    An Aironet 1230 internal radius server can only authenticate LEAP or
    EAP-FAST. For EAP-TLS you'll need another RADIUS like M$ IAS, Cisco ACS
    or Funk Steel Belted RADIUS.
    Together with an external RADIUS the AIR 1230 will support multiple
    EAP-TLS authenticatet client stations.
     
    Uli Link, Mar 24, 2006
    #2
    1. Advertisements

  3. bt_hirosaito

    bt_hirosaito Guest

    and i think for that you will need this "multiple authentication"
    with that i meant authentication via switch and not via accesspoint.
    should have write this more clearly.
    i don´t know the right name of the feature to do multiple
    authentication on the same port.

    Greetz Eric
     
    bt_hirosaito, Mar 27, 2006
    #3
  4. with that i meant authentication via switch and not via accesspoint.
    should have write this more clearly.
    i don´t know the right name of the feature to do multiple
    authentication on the same port.

    Sounds to me like 802.1x auth towards the switchport of the switch that the
    AP connects to, right ?
    I am not 100% into the Cisco lingo about dot1x, but the commands are called
    that (dot1x)
    As how to install a CERT into the AP, I would look it up on CCO or at your
    local partner.

    HTH
    Martin Bilgrav
     
    Martin Bilgrav, Mar 27, 2006
    #4
  5. bt_hirosaito

    Joe Matuscak Guest

    For EAP-TLS you'll need another RADIUS like M$ IAS, Cisco ACS
    Note that FreeRadius works fine as well.
     
    Joe Matuscak, Mar 27, 2006
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.