Cisco 5508 Wireless Controller Technical Manual

• Cisco Secure ACS that runs version 5.2
• Cisco 3560 Series Switch
The information in this document was created from the devices in a specific lab environment. All of the
devices used in this document started with a cleared (default) configuration. If your network is live, make sure
that you understand the potential impact of any command.
Conventions
Refer to the Cisco Technical Tips Conventions for more information on document conventions.
Background Information
LAPs have factory-installed X.509 certificates, signed by a private key, that are burned into the device at
the time of manufacture. LAPs use this certificate to authenticate with the WLC during the join process.
This document describes another way to authenticate LAPs. With WLC software, you can configure 802.1x
authentication between a Cisco Aironet access point (AP) and a Cisco switch. In this instance, the AP acts as
the 802.1x supplicant and is authenticated by the switch against a RADIUS server (ACS) that uses
EAP-FAST with anonymous PAC provisioning. Once it is configured for 802.1x authentication, the switch
does not allow any traffic other than 802.1x traffic to pass through the port until the device connected to the
port authenticates successfully. An AP can be authenticated either before it joins a WLC or after it has joined
a WLC, in which case you configure 802.1x on the switch after the LAP joins the WLC.
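The following is an added example, not part of the Cisco document: a Python check that reads a switch running-config and reports access ports that would pass traffic without the 802.1x gating described above. The sample config and interface names are constructed, and the script assumes that every access port should be gated and that either the `dot1x port-control` or the `authentication port-control` form may appear.

```python
import re
# Constructed sample running-config (interface names are made up).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
!
interface FastEthernet0/1
 switchport mode access
 dot1x port-control auto
!
interface FastEthernet0/2
 switchport mode access
!
interface FastEthernet0/3
 switchport mode access
 dot1x port-control force-authorized
!
interface GigabitEthernet0/1
 switchport mode trunk
"""
GLOBAL_REQUIRED = ("aaa new-model", "aaa authentication dot1x ", "dot1x system-auth-control")
PORT_CONTROL = re.compile(r"^(?:dot1x|authentication) port-control (\S+)$")

def parse_interfaces(config):
    """Map each interface name to the list of its sub-commands."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = interfaces.setdefault(raw.split(None, 1)[1].strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # "!" or a global command ends the block
    return interfaces

def audit(config):
    """Return (scope, finding) tuples for missing 802.1X enforcement."""
    lines = [l.strip() for l in config.splitlines()]
    findings = [("global", f"missing '{p.strip()}'") for p in GLOBAL_REQUIRED
                if not any(l.startswith(p) for l in lines)]
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue  # trunks and routed ports are out of scope here
        modes = [m.group(1) for c in cmds if (m := PORT_CONTROL.match(c))]
        if not modes:
            findings.append((name, "no port-control: port is not 802.1X-gated"))
        elif modes[-1] != "auto":
            findings.append((name, f"port-control {modes[-1]}: state forced, no 802.1X exchange"))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` flags FastEthernet0/2 and FastEthernet0/3; only a port in `auto` mode makes the switch run the 802.1x exchange before it forwards other traffic.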
Configure
In this section, you are presented with the information to configure the features described in this document.
Network Diagram
This document uses this network setup: