Cisco Wireless LAN Controller Configuration Guide
OL-17037-01
Chapter 7 Controlling Lightweight Access Points
Information similar to the following appears:
Cisco AP Identifier.............................. 0
Cisco AP Name.................................. HReap
...
AP User Mode..................................... AUTOMATIC
AP User Name..................................... globalap
...
Note
If this access point is configured for global credentials, the AP User Mode field shows “Automatic.” If the global credentials have been overwritten for this access point, the AP User Mode field shows “Customized.”
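To audit many access points at once, the dotted-leader output shown above can be parsed and each AP checked for a credential override. The following is an added example, not part of the Cisco guide; the AP names other than HReap, the expected user passed to the audit, and the upper-case spelling CUSTOMIZED in the output are assumptions.

```python
import re

# "Field name.......... value": a label, a leader of 2+ dots, then the value.
# The label may not start with a dot, so bare "..." elision lines are skipped.
FIELD_RE = re.compile(r"^(?P<key>[^.].*?)\.{2,}\s*(?P<value>.*)$")

# Constructed sample: the first record mirrors the page; the others are made up.
SAMPLE = """\
Cisco AP Identifier.............................. 0
Cisco AP Name.................................. HReap
...
AP User Mode..................................... AUTOMATIC
AP User Name..................................... globalap
Cisco AP Identifier.............................. 1
Cisco AP Name.................................. AP-Lobby
AP User Mode..................................... CUSTOMIZED
AP User Name..................................... localadmin
Cisco AP Identifier.............................. 2
Cisco AP Name.................................. AP-Lab
"""

def parse_ap_records(text):
    """Return one dict per access point; a record starts at 'Cisco AP Identifier'."""
    records, current = [], None
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if not m:
            continue
        key, value = m.group("key").strip(), m.group("value").strip()
        if key == "Cisco AP Identifier":
            current = {}
            records.append(current)
        if current is not None:
            current[key] = value
    return records

def audit_credentials(records, expected_user):
    """List (ap_name, reason) for APs that do not inherit the expected global user."""
    findings = []
    for rec in records:
        name = rec.get("Cisco AP Name", "<unnamed>")
        mode = rec.get("AP User Mode", "").upper()  # output is upper case, the note is not
        user = rec.get("AP User Name", "")
        if mode == "CUSTOMIZED":
            findings.append((name, "global credentials overridden, user=" + user))
        elif mode != "AUTOMATIC":
            findings.append((name, "AP User Mode missing or unrecognized"))
        elif user != expected_user:
            findings.append((name, "unexpected global user=" + user))
    return findings

if __name__ == "__main__":
    for name, reason in audit_credentials(parse_ap_records(SAMPLE), "globalap"):
        print(name + ": " + reason)
```

An AP whose record lacks the AP User Mode field is reported rather than silently treated as inheriting the global credentials.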
Configuring Authentication for Access Points
You can configure 802.1X authentication between a lightweight access point and a Cisco switch. The
access point acts as an 802.1X supplicant and is authenticated by the switch using EAP-FAST with
anonymous PAC provisioning.
This feature is supported on the following hardware:
• Cisco Aironet 1130, 1140, 1240, and 1250 series access points
• All controller platforms running in local, hybrid-REAP, monitor, or sniffer mode. Bridge mode is not supported.
  Note
  In hybrid-REAP mode, you cannot configure local switching with 802.1X authentication; you can configure central switching only.
• All Cisco switches that support authentication
  Note
  Refer to the Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points for Release 5.2 for a list of supported switch hardware and minimum supported software.
You can configure global authentication settings that all access points inherit as they join the controller.
This includes all access points that are currently joined to the controller and any that join in the future.
If desired, you can override the global authentication settings and assign unique authentication settings
for a specific access point.
Observe the following flow for configuring authentication for access points:
1. If the access point is new, do the following:
   a. Boot the access point with the installed recovery image.
   b. If you choose not to follow this suggested flow and instead enable 802.1X authentication on the switch port connected to the access point prior to the access point joining the controller, enter the following command:
      lwapp ap dot1x username username password password