Cisco Cisco Aironet 1310 Access Point Bridge 릴리즈 노트
23
Release Notes for Cisco Aironet Access Points for Cisco IOS Release 12.3(8)JEA1
OL-12427-01
Documentation Updates
Note
Before you attempt to enable NAC for MBSSID on your access points, you should first have NAC
working properly.
working properly.
shows a typical network setup.
Figure 4
Typical NAC Network Setup
For additional information, see the documentation for deploying NAC for Cisco wireless networks.
Follow these steps to configure NAC for MBSSID on your access point:
Step 1
Configure your network as shown in
.
Step 2
Configure standalone access points and NAC-enabled client-EAP authentication.
Step 3
Configure the local profiles on the ACS server for posture validation.
Step 4
Configure the client and access point to allow the client to successful authenticate using EAP-FAST.
Step 5
Ensure that the client posture is valid.
Step 6
Verify that the client associates to the access point and that the client is placed on the unrestricted VLAN
after successful authentication and posture validation.
after successful authentication and posture validation.
A sample configuration is shown below.
dot11 mbssid
dot11 vlan-name engg-normal vlan 100
dot11 vlan-name engg-infected vlan 102
dot11 vlan-name mktg-normal vlan 101
dot11 vlan-name mktg-infected1 vlan 103
dot11 vlan-name mktg-infected2 vlan 104
dot11 vlan-name mktg-infected3 vlan 105
!
dot11 ssid engg
vlan engg-normal backup engg-infected
authentication open
authentication network-eap eap_methods
!
dot11 ssid mktg
vlan mktg-normal backup mktg-infected1, mktg-infected2, mktg-infected3
authentication open
authentication network-eap eap_methods
!
interface Dot11Radio0
!
ACS
Wireless laptops
Quarantine/
Restricted Access
VLAN/Network
Unrestricted
Access
VLAN/Network
170598