Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

802.1x Wired on 93H Ports

  • 1.  802.1x Wired on 93H Ports

    Posted Mar 05, 2014 04:32 PM

    Can one use 802.1x authentication via clearpass drilled down to the wired ports on a 93H access point?

     

    We have the 93H set to the following:

    Wired AP: enable
    Forward Mode: tunneled
    Switchport Mode: access
    Access mode vlan: 100  (example vlan)

    The wireless side of the 93H works fine, but we need to lock down the wired ports.  The goal is to use clearpass to take care of the authentication.  We would like to distribute 93H's into our residence hall environments.

     

    I have added a little diagram here that may help.  Any advice on where on the controller we should configure this setting to point to clearpass for wired authentication would be helpful.

     

    Thanks

     

    aruba-93h.jpg

     



  • 2.  RE: 802.1x Wired on 93H Ports

    EMPLOYEE
    Posted Mar 05, 2014 04:50 PM

    Sure you can!

     

    You can use the same AAA profile that you are using for your wireless clients. Just configure the "Ethernet interface X port configuration".

     

    wired-ports.PNG



  • 3.  RE: 802.1x Wired on 93H Ports

    EMPLOYEE
    Posted Mar 05, 2014 04:51 PM

    Sorry, jumped the gun here. Are you trying to do tunneled-node where the user subnets live on the controller or switch them locally at the edge?



  • 4.  RE: 802.1x Wired on 93H Ports

    Posted Mar 05, 2014 05:14 PM

    Hi,

     

    We are tunneling back to the controller and the VLAN lives there, so we won't be flipping vlans at the access layer / switch port.

     

    I disabled my wifi adapter and plugged into port 1 on our 93H.  I set under the wired port 1 / AAA to use the same profile as the wireless traffic is using, but I was not prompted for a user/pass.  I received an ip and can browse anywhere.  I must be missing something.  I'll do some more checking and verify the 93H's wireless traffic is fully functional with 802.1x authentication under the same AAA profile I applied to the 93H's wired port 1. 

     

    Thanks for the replies.

     



  • 5.  RE: 802.1x Wired on 93H Ports

    EMPLOYEE
    Posted Mar 05, 2014 05:29 PM

    Do you have "Trusted" unchecked under the Wired AP profile? This will force devices to authenticate.

     

    trusted-wired-ap.PNG



  • 6.  RE: 802.1x Wired on 93H Ports

    Posted Mar 06, 2014 09:47 AM

    Here is what I have settings-wise:

     

    93H-1.jpg

     

     

     

    93H-2.jpg

     

     

    AAA.jpg



  • 7.  RE: 802.1x Wired on 93H Ports

    EMPLOYEE
    Posted Mar 05, 2014 04:51 PM
    Yes. This is possible. You can use wired port profiles in the AP group. To enable auth with AAA profiles, set the wired port to untrusted, meaning uncheck the Trusted box. You must apply an AAA profile, however.
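
The rule given in the replies above (wired port untrusted, with an AAA profile applied) can be checked across a saved controller configuration. This is an added example, not part of the original thread and not Aruba tooling; it assumes ArubaOS 6.x-style CLI stanzas, and the sample config with its profile and group names is constructed.

```python
import re

# Constructed sample, assumed ArubaOS 6.x-style CLI; every name here is hypothetical.
SAMPLE_CONFIG = '''
ap wired-ap-profile "wired-open"
   forward-mode tunnel
   trusted
!
ap wired-ap-profile "wired-locked"
   forward-mode tunnel
!
ap wired-port-profile "port-open"
   wired-ap-profile "wired-open"
   aaa-profile "dot1x-clearpass"
!
ap wired-port-profile "port-no-aaa"
   wired-ap-profile "wired-locked"
!
ap wired-port-profile "port-locked"
   wired-ap-profile "wired-locked"
   aaa-profile "dot1x-clearpass"
!
ap-group "res-hall-93h"
   enet1-port-profile "port-open"
   enet2-port-profile "port-no-aaa"
   enet3-port-profile "port-locked"
!
'''
STANZA = re.compile(r'^(ap wired-ap-profile|ap wired-port-profile|ap-group) "([^"]+)"[ \t]*\n'
                    r'((?:[ \t]+.*\n)*)', re.M)

def parse_blocks(text):
    """Map (stanza kind, name) -> list of stripped body lines."""
    return {(kind, name): [l.strip() for l in body.splitlines() if l.strip()]
            for kind, name, body in STANZA.findall(text)}

def audit_wired_ports(text):
    """Return (group, port, reason) for wired ports that do not force authentication."""
    blocks, findings = parse_blocks(text), []
    for (_, group), body in blocks.items():
        for port, prof in re.findall(r'(enet\d+)-port-profile "([^"]+)"', "\n".join(body)):
            pbody = blocks.get(("ap wired-port-profile", prof), [])
            wired = next((l.split('"')[1] for l in pbody if l.startswith("wired-ap-profile")), None)
            # Assumption: a wired AP profile with no "trusted" line is untrusted.
            if "trusted" in blocks.get(("ap wired-ap-profile", wired), []):
                findings.append((group, port, "wired AP profile is trusted"))
            elif not any(l.startswith("aaa-profile") for l in pbody):
                findings.append((group, port, "no aaa-profile applied"))
    return findings
```

On the sample, `audit_wired_ports(SAMPLE_CONFIG)` reports enet1 (trusted, so the AAA profile is never exercised) and enet2 (untrusted but with no AAA profile), and passes enet3.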