Wireless Access

Hello All,

I know what Tunnel Node does, however, can some please provide some insight into how it works.

So if I have all my Security Policies and Authentication profiles on the Mobility Controller, how can I tell which of the Policies is applied to the Tunnel Node Port on the MAS.

For example, if I have 802.1X and Captive Portal Authentication built on the Mobility Controller. Which of these Authentications will be applied to the Tunnel Node Port?

Hi,

Both of those mechanisms can be appled to a tunneled node port. The AAA function is based off of what you apply in the aaa authentication wired profile on the controller.

If you run a show aaa authentication wired command on the controller, it will show you the aaa profile that is assigned.

(WLC-3600) #show aaa authentication wired

Wired Authentication Profile

----------------------------

Parameter    Value

---------            -----

AAA Profile  default

---

@cappalli wrote:

Hi,

 

Both of those mechanisms can be appled to a tunneled node port. The AAA function is based off of what you apply in the aaa authentication wired profile on the controller.

 

If you run a show aaa authentication wired command on the controller, it will show you the aaa profile that is assigned.

 

 

(WLC-3600) #show aaa authentication wired

Wired Authentication Profile

----------------------------

Parameter    Value

---------            -----

AAA Profile  default

 

---

Thanks Tim. However, it seems that I have to apply the aaa authentication wired profile to either 802.1X or Captive Portal. Is that correct?

If so, that means you can only do one or the other and not both on a per Port basis. Correct?

Are you trying to do 802.1X with captive portal fall back?

Sent from my BlackBerry Z10

Yes I am.

You should be able to put the captive portal logon role as the initial role in the AAA profile so if 1X fails, they will be dumped into the initial role.

Good idea.

Will give that a shot.

Thx.