Provisioning a Small Branch WLAN
Enable the AAA RADIUS server.
Step 1
You must match the following configuration with an equivalent configuration on the RADIUS server.
aaa new-model
aaa session-id common
aaa authentication dot1x default group RADIUS
aaa authorization network default group RADIUS
aaa accounting dot1x default start-stop group RADIUS
!
! Enable 802.1X authentication globally on the switch
!
dot1x system-auth-control
! Radius Server definition (adds ISE to the Radius Group)
!
RADIUS server
address ipv4
key
!
!
aaa group server RADIUS
server name
Configure the WLAN with IEEE 802.1x Authentication
Create a WLAN with WPA2 and IEEE 802.1x enabled.
Step 2
Although the controller and access points support WLAN with SSID using WPA and WPA2
simultaneously, some wireless client drivers cannot support complex SSID settings.
Whenever possible, we recommend only WPA2 be configured with Advanced Encryption Standard
(AES).
wlan
client vlan
no shutdown
WPA2 with AES encryption and IEEE 802.1x key management are enabled by default on the WLAN for
Note
the switch so you do not need to explicitly configure these security settings.
Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series
94
AuthServer
192.168.254.14
cisco123
RADIUS-GROUP
AuthServer
Secure_WLAN1 CISCO_WLAN
200
auth-port
1645
acct-port
Converged Wired and Wireless Access
1646