NAC L2 802.1x (wireless)

Can somebody advise me where I can find information about configuring NAC L2 802.1x on wireless AP 1200 series? Or can somebody show me an example of a configuration file? I have found a configuration guide only about wired solutions (configuring NAC L2 IP and NAC 802.1x on a switch).
Thank you in advance!

For NAC implementation with wireless access points, the implementation is the same as the switch wired Layer 2 802.1x implementation for network admission control. The only difference is that you will need to use a third party NAC-enabled supplicant such as Meetinghouse for your wireless devices.
Sample config on AP:
aaa new-model
aaa authentication eou default group radius
aaa session-id common
radius-server host 10.100.100.100 auth-port 1645 acct-port 1646
radius-server key cisco123
! Enable VSAs
radius-server vsa send authentication
ip radius source-interface FastEthernet0/0
! Define NAC policy
ip admission name NAC-L2-IP eapoudp
ip admission name NAC-L2-IP-Bypass eapoudp bypass
! Define NAC trigger, routers only
ip admission name NAC-L3-IP eapoudp list EoU-ACL
ip access-list extended EoU-ACL
 ! allow DNS to bypass NAC
 deny udp any any eq domain
 ! allow HTTP to bypass NAC
 deny tcp any host 10.100.100.101 eq www
 ! all other traffic triggers
 permit ip any any
ip access-list extended Interface-ACL
 ! permit EAPoUDP
 permit udp any any eq 21862
 ! permit DHCP
 permit udp any eq bootpc any eq bootps
Refer to these links:
http://www.cisco.com/en/US/netsol/ns617/netbr0900aecd80355b2f.html
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_configuration_guide_chapter09186a0080606cbe.html#wp1072071
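
The EoU-ACL in the sample config reads the opposite way from a filtering ACL: `deny` exempts a flow from posture validation and `permit` triggers EAPoUDP. The following is an added example (not part of the original reply) that evaluates constructed flows against those three entries and lists exemptions not pinned to a destination host; the client address 10.1.1.5 is hypothetical, and treating unmatched traffic as "not intercepted" is an assumption.

```python
import ipaddress

# Intercept ACL entries from the sample config above (inline comments dropped).
EOU_ACL = [
    "deny udp any any eq domain",
    "deny tcp any host 10.100.100.101 eq www",
    "permit ip any any",
]
PORTS = {"domain": 53, "www": 80}  # IOS port keywords used by this ACL


def _addr(tok):
    """Consume 'any' or 'host A.B.C.D' from the token list."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    raise ValueError("unsupported address spec: " + tok[0])


def parse_ace(line):
    tok = line.split()
    src, rest = _addr(tok[2:])
    dst, rest = _addr(rest)
    port = None
    if rest[:1] == ["eq"]:
        port = PORTS[rest[1]] if rest[1] in PORTS else int(rest[1])
    return {"action": tok[0], "proto": tok[1], "src": src, "dst": dst,
            "port": port, "text": line}


def nac_decision(acl, proto, src, dst, dport):
    """First match wins: 'deny' exempts the flow, 'permit' triggers EAPoUDP."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in map(parse_ace, acl):
        if ace["proto"] not in ("ip", proto):
            continue
        if s not in ace["src"] or d not in ace["dst"]:
            continue
        if ace["port"] is not None and ace["port"] != dport:
            continue
        return ("trigger" if ace["action"] == "permit" else "bypass"), ace["text"]
    return "bypass", "implicit deny"  # assumption: unmatched traffic is not intercepted


def broad_exemptions(acl):
    """Exemptions (deny entries) not pinned to a specific destination host."""
    return [a["text"] for a in map(parse_ace, acl)
            if a["action"] == "deny" and a["dst"].prefixlen == 0]


if __name__ == "__main__":
    # Constructed flows from a hypothetical client 10.1.1.5.
    for flow in [("udp", "10.1.1.5", "192.0.2.53", 53),
                 ("tcp", "10.1.1.5", "10.100.100.101", 80),
                 ("tcp", "10.1.1.5", "10.100.100.101", 443)]:
        print(flow, nac_decision(EOU_ACL, *flow))
    print("broad:", broad_exemptions(EOU_ACL))
```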

Similar Messages

  • NAC Framework NAC-L2-802.1x with Wireless AP1242AG?

    Hi
    Can anyone provide some info on setting up NAC-L2-802.1x with a Wireless AP1242AG (not using the NAC Appliance, but the Framework)? I can't seem to find the equivalent dot1x port control auto commands on the access point. Thanks
    Jason

    NAC assesses the state, or posture, of a host to prevent unauthorized or vulnerable endpoints from accessing the network. Enforcement is performed through an authorization policy that is centrally defined on a single ACS server or delegated to multiple NAC posture validation servers.

  • After 10.6.8 upgrade, MacBook PRO doesn't acquire IP address via 802.11n wireless connection

    After upgrading a MacBook Pro to 10.6.8, the machine connects to an 802.11n wireless access point, but will not acquire an IP address using DHCP.  An iMac running 10.6.7, and an iPad2 both successfully connect and acquire DHCP IP addresses to the same access point.  The access point is an HP Procurve MSM422 access point, a commercial data center level access point.
    The MacBook Pro did acquire a connection and IP address when running 10.6.7, so this seems to be a regression introduced with the upgrade to 10.6.8.
    The MacBook Pro running 10.6.8 will acquire an 802.11g connection to the same access point without any problems.  The access point has different SSIDs for 802.11n and 802.11g.
    Changing the IP settings on the MacBook Pro from DHCP to a fixed IP address doesn't solve the problem.
    Just wanted to document this situation for those following problems with migration to 10.6.8.
    If anyone uncovers the reason and has a work around for this situation, please share.  I'll keep looking, too.  I plan to do a combo install of 10.6.8 later today to see if this remedies the situation.

    Deleting and recreating the AirPort connection doesn't help this problem.  Neither does turning the AirPort on/then off, going from DHCP to FIXED IP addresses, or repairing permissions.  I even upgraded the firmware in the HP MSM422 access point from 5.4.29 to 5.5.1 and that didn't make any difference, either. 
    Using the combo installer to reinstall 10.6.8 did fix the problem. 

  • NAC-L2-802.1x with 7940 IP Phones and builtin switchport?

    Hi
    I've got the NAC Framework, NAC-L2-802.1x working in a test LAB with network hosts (PCs) connected directly to the L2 switch. In our production environment, we have Cisco 7940 IP phones on every desk, and the PCs connect to the switchport on the back of these phones. How would one configure NAC-L2-802.1x to work in a setup like this? I've done quite a bit of searching on Cisco and only found this reference to IP phones and NAC;
    IP Telephone and Device Mobility
    The computer connected to the PC port on an IP phone will get posture validated successfully.
    It does not help much...
    Thanks very much.
    Jason

    You have 2 choices:
    1) Ignore the phones based on CDP. You get this by just configuring 802.1X along with a VVID. Here's an example port config from a 3750:
    interface GigabitEthernet1/0/2
    description endpoints
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 200
    srr-queue bandwidth share 10 10 60 20
    srr-queue bandwidth shape 10 0 0 0
    queue-set 2
    mls qos trust device cisco-phone
    mls qos trust cos
    dot1x pae authenticator
    dot1x port-control auto
    spanning-tree portfast
    spanning-tree bpduguard enable
    ip verify source
    ip dhcp snooping limit rate 10
    The config above will allow a Cisco phone in "for free" just b/c it can do CDP.
    2) Authenticate IP phones via 1X or MAC-Authentication for phones that cannot support 1X. This would be the same config as above, with the addition of this line:
    dot1x host-mode multi-domain
    And if your IP phone cannot do 1X (for example the 7940 cannot) then you'll need to check its MAC for entry into the network by adding this line:
    dot1x mac-auth-bypass
    Hope this helps,
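
The two choices in the reply above can be told apart in a saved switch config. The following is an added example (not part of the original reply or Cisco's tooling) that classifies access ports by how a phone on the voice VLAN is admitted; the three-port sample is constructed from the 3750 port config shown above, and the class labels are this example's own names.

```python
import re

# Constructed sample: three access ports modelled on the 3750 example above.
SAMPLE = """\
interface GigabitEthernet1/0/2
 switchport voice vlan 200
 dot1x pae authenticator
 dot1x port-control auto
!
interface GigabitEthernet1/0/3
 switchport voice vlan 200
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-domain
 dot1x mac-auth-bypass
!
interface GigabitEthernet1/0/4
 switchport voice vlan 200
"""


def interfaces(config):
    """Yield (name, set of sub-commands) for each interface block."""
    name, cmds = None, set()
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            if name:
                yield name, cmds
            name, cmds = m.group(1), set()
        elif name and line.startswith(" "):
            cmds.add(line.strip())
        elif name:  # '!' or a new top-level command closes the block
            yield name, cmds
            name = None
    if name:
        yield name, cmds


def classify(cmds):
    """Label a port by how a device on the voice VLAN gets admitted."""
    voice = any(c.startswith("switchport voice vlan") for c in cmds)
    if "dot1x port-control auto" not in cmds:
        return "no-dot1x"
    if not voice:
        return "dot1x-data-only"
    if "dot1x host-mode multi-domain" not in cmds:
        return "voice-cdp-bypass"  # choice 1: phone admitted on CDP alone
    # choice 2: phone authenticated by 802.1X, or by MAC where MAB is enabled
    return "voice-mab" if "dot1x mac-auth-bypass" in cmds else "voice-dot1x"


def audit(config):
    return {name: classify(cmds) for name, cmds in interfaces(config)}


if __name__ == "__main__":
    for port, label in audit(SAMPLE).items():
        print(port, label)
```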

  • NAC Framework - NAC-L2-802.1x without CSSC client?

    Hi
    I'm just wondering if it is possible to do NAC-L2-802.1x without the use of the CSSC client? I've managed to get this working with the CSSC client with no problems, but have been having nothing but problems trying to get this working without. This client software is pretty expensive and if it is possible to get around using it, that'd be great. Thanks for any info.
    Jason

    You can do 802.1x without CSSC, you cannot support remediation without it however. 802.1x by itself allows you authentication, and dynamic VLAN assignment.

  • 802.1x Wireless Authentication

    Hello
    I am using a MS Certificate Server and MS Radius server with 802.1x Wireless Authentication. When the Macs authenticate I get a warning, so to speak, and the cert will not save or trust. I have entered it in as a 509 anchor and other and still the same thing. Is anyone out there doing this?
    The windows says
    801x Authentication
    The Server Certificate could not be validated becuase the root certificate is missing.
    Thanks

    No, CA wasn't changed with R2.
    Are you able to see the User's certificate in the Keychain app under the login keychain & My Certificates? Can you see the CA's certificate under the X509Anchors?
    In the login keychain, when looking at the Users certificate, does it show as valid?

  • 1552 in P-MP acting as 802.11a Wireless Bridge with single antenna SISO

    Can you configure three Cisco 1552EUs to act as a RAP and two MAPs in a bridge-only Point to Multipoint configuration?
    I'd like to disable two of the 5GHz antenna ports and use just a single TX/RX port and a single directional antenna for each AP.
    Does this simply reduce the system gain because you lose the MRC MIMO advantage / gain of either 1.7 or 4.7db (depending on qty of spatial streams)?
    Also, are the 1552EUs backward compatible with the Cisco 1310s in the configuration mentioned above?
    Thanks for any comments.

    The transfer speeds sound about right. The "54Mbps" is a signaling rate, not a throughput.
    To make 802.11 wireless "reliable"  (comparable to a wired network)  the data is, in effect, sent twice and staggered such that a glitch usually doesn't get both.
    In terms of throughput of your data, a strong signal with good signal quality, using IP, unencrypted  should run ~22-26Mbps (some variability for noise/interference, mixed frame sizes, TCP ACK times, application responses, etc). 
    So, at ~24 Mbps (megabits per second) you're looking at ~4  megabytes per second versus 100Mbps/12.5mBps as a probable max rate.
    Given that, a transfer that takes approximately one minute on a wired network under typical conditions ... having it take four-to-five minutes on a typical wireless system is about right.
    For power settings, you can adjust the power by monitoring the RSSI values on the receiving system. If I can find the docs on Cisco's main site I'll post 'em up later (gotta run ...), but if the mechanical install is good, then it'll just be a little keyboard work.
    Good Luck
    Scott

  • Cisco ap3700 802.11ac wireless bridge

    Can I use the 3702e with IOS software and a directional antenna as an 802.11ac wireless bridge for inter-building connectivity? What is the expected speed of a wireless bridge link with a typical inter-building distance of 40 to 60 m?

    Product information has not yet been released to say this AP model can be used as a wireless bridge. Typically the 3700 AP is not targeted at wireless bridge solutions. Here is the datasheet available for this product.
    http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps13367/data_sheet_c78-729421.html
    You have to do a test & confirm data rates & performance you get in your environment.
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • Can I use an airport express to extend a Cisco E4200 802.11n or 802.11g wireless network?

    Can I use an Airport Express to extend a Cisco E4200 802.11n or 802.11g wireless network?  I'd like to improve access in a dead spot with an airport express. I know I can connect this way for airplay, but how about extending the signal?
    Thx! ACB

    Apple's "extend a wireless network" function appears to be a proprietary feature that works only with other Apple AirPort routers. As far as we know, this feature is not compatible with devices from other manufacturers.
    It would be extremely unlikely that the Express could do what you want, but some things are never known until  you try.

  • Speed Tests Results for 802.11ac Wireless Connections

    Using the new Apple MacBook Air with 802.11ac wireless, I tested copying a file and a folder to both the new 802.11ac AirPort Extreme router housing a USB-connected hard disk and the less recent 802.11n Apple AirPort Extreme router housing a similar USB-connected hard disk.
    The results of the tests are summarized in the table below. The movie file was ripped from a DVD movie, and the Microsoft folder is simply the Microsoft Office 2011 folder in my Applications folder containing 14,231 items.
    The MacBook Air computer was located 6–8 feet away from each router with no intervening obstructions. While this was not a scientific test, it demonstrated to me that 802.11ac wireless is clearly superior to 802.11n in a real world setting. I assume that the lower relative performance of 802.11ac versus 802.11n for the large folder containing many files is due to overhead in copying and writing files from and to the hard disks. Ditto for the Gigabit Ethernet test.

    Great resource for speedtesting: www.speedtest.net
    Will show you ping speed, upload/download speeds for your connection. Try for each then post results.

  • Is there any 802.11n wireless bridge or some bridge throughput close to 100M?

    Hi All,
    I'm looking for some enterprise wireless bridge. Is there any cisco 802.11n wireless bridge on the market? or some bridge close to 100Mbps throughput? Thanks.
    Lou

    Hi;
    I'm investigating the exact same thing. After seeing the caveat in the 1250 install guide that said "Don't use it as a bridge!"  (http://www.cisco.com/en/US/docs/wireless/access_point/1250/installation/guide/125h_c1.html) , I called the Cisco WiFi sales engineer assigned to our region, the brilliant and lovely Ms. K.
    She clarified some items for me.
    802.11n relies on several things for increased speed, two of which are multiple spatial data streams (currently two) and the 40MHz increased channel width. When you do point-point, apparently there is just not as much multipoint benefit. She said we would be lucky to see more than 50 Mbps real throughput on a bridge using 1252s at 100m range. BTW, she said that even though the install guide says the 1252s could not be used in bridge mode, she thought it would work; perhaps the 2007 guide is outdated.
    So, we are going to get some antennas and test this. Will try to report back on the results.
    Regarding Exalt, she did confirm that at present Cisco is re-branding and selling them as OEM and support would be direct through Exalt, not TAC. She would not speculate on looming acquisitions, but did jokingly observe that in the past, all the companies that Cisco absorbed went through an OEM re-sell phase ;p
    http://www.exaltcom.com/sublanding.aspx?id=1512
    Steve

  • Cisco NAC Guest Server for Wireless Users integration with IP telephony

    Hi Team
    I have a client who has the following requirement. The client requires a Guest server in order to serve wireless needs for guests at their office. They want the guest to get their authentication codes via SMS. The client will have a lobby IP Phone where the guest will press the services button configured on the IP Phone. It will then prompt the guest to enter his mobile number. Once the guest enters his mobile number, the guest will receive a text via SMS gateway with login credentials. They want to offload this from the receptionist and it is for this reason that they require this functionality.
    Has anyone done this sort of deployment? We have already proposed NAC guest server and Wireless controller but we do not know whether the XML application for subscribing the service on the IP Phone is available directly with Cisco or whether it needs to be developed.
    Kindly advise on the same.
    Regards
    Azeem

    Hi Vishal,
    Please note that if you want to return ACLs (and usually in wired web auth you need to), you will have to integrate with ACS as NGS itself cannot return ACLs in the reply radius attributes.
    Basically the process is as follows:
    1 - Client plugs cable on switch.
    2 - Web auth is triggered on the port.
    3 - Default ACL permitting only DNS and DHCP is applied so that the client PC can obtain IP address and open a browser.
    4 - Client will be redirected to the NGS hotspot login page.
    5 - Client will enter credentials.
    6 - Client browser will send an HTTP POST packet containing the credentials.
    7 - The switch will intercept the POST packets and retrieve the credentials entered.
    8 - The switch will send Radius Access-Request to the ACS.
    9 - The ACS will use the NGS as External Identity source to authenticate the client.
    10 - The NGS will reply with Radius Access-Accept to the ACS and the ACS will reply to the switch including the ACL in the Access-Accept.
    11 - the Switch authorizes the client on the port and applies the ACL it received from the ACS.
    Please follow the document Nicolas posted as it is a good one.
    HTH,
    Thanks

  • Netgear WG311v3 802.11g Wireless PCI Adapter

    I have a G5 Tower with PCI slots.
    Is there a way to make this wireless card recognized as an AirPort card under OS 10.5.8?
    Currently, it does not even show up System Profiler.

    Just google "Netgear WG311v3 802.11g Wireless PCI Adapter". Apparently it supports Windows OS's. You can also inquire from the manufacturer.

  • Update ralink 802.11n wireless lan card

    Receiving a pop up saying that there is an update to ralink 802.11n wireless lan card. Is this crucial? Bad past experience with updating things that weren't crucial.  Thanks!

    Hello , Welcome to the HP Forums, I hope you enjoy your experience! To help you get the most out of the HP Forums I would like to direct your attention to the HP Forums Guide First Time Here? Learn How to Post and More. I have read your post on how your desktop computer displays a pop-up message prompting you to update the wireless card installed. I would be happy to assist you in this matter! If you are not experiencing any difficulties connecting to a wireless network on your computer, I would not count the update as crucial. If your computer is having trouble connecting to the network, even if the problem is intermittent, it may be a good idea to install the update. I hope this helps, and if you have any other questions or concerns feel free to post back! Cheers

  • Configuring 802.11 wireless security in WRT110

    I wish to implement 802.11 wireless security settings in my router WRT110. I am unable to see how it can be done. Any suggestions?
    Thanks
    Shrikant

    Gain access to your admin pages in the router and select the wireless tab.
    Then go here.
