Cisco Cisco Aironet 3700i Access Point

their network connection used by an outsider. Second, when a repeater access point is incorporated into 
a wireless network, the repeater access point must authenticate to the root access point in the same way 
as a client does.

The 802.1X supplicant is available on 1040, 1130AG, 1140, 1240AG, 1250, 1260, and 1300 series access 
points. It is not available on 1100 and 1200 series access points.

The supplicant is configured in two phases: 

Create and configure a credentials profile

Apply the credentials to an interface or SSID

You can complete the phases in any order, but they must be completed before the supplicant becomes 
operational.

Unencrypted and clear text are the same. You can enter a 
0 followed by the clear text password, or omit the 0 and 
enter the clear text password.

Beginning in privileged EXEC mode, follow these steps to create an 802.1X credentials profile:

Use the no form of the dot1x credentials command to negate a parameter.

The following example creates a credentials profile named test with the username Cisco and a the 
unencrypted password Cisco:

ap1240AG>enable

Password:xxxxxxx

Enter global configuration mode.

dot1x credentials profile

Creates a dot1x credentials profile and enters the dot1x 
credentials configuration submode.

anonymous-id description

(Optional)—Enter the anonymous identity to be used.

description description

(Optional)—Enter a description for the credentials profile

username username

Enter the authentication user id.

Enter an unencrypted password for the credentials.

0—An unencrypted password will follow. 

7—A hidden password will follow. Hidden passwords are used 
when applying a previously saved configuration. 

LINE—An unencrypted (clear text) password.

pki-trustpoint pki-trustpoint

(Optional and only used for EAP-TLS)—Enter the default 
pki-trustpoint.

Return to the privileged EXEC mode.

(Optional) Save your entries in the configuration file.