802.1X Supplicant - Cisco WAP125 Administrator's Manual

System Configuration
control the wireless client access (see
external RADIUS server to authenticate the clients. The MAC address filtering feature, where the client access
is restricted to a list, may also be configured to use a RADIUS server to control the access. The Captive Portal
feature also uses RADIUS to authenticate the clients.
Use the Radius Server page to configure the RADIUS servers that are used by these features. You can configure
up to four globally available IPv4 or IPv6 RADIUS servers. However, you must select whether the RADIUS
client operates in IPv4 or IPv6 mode with respect to the global servers. One of the servers always acts as the
primary server while the other act as the backup servers.
In addition to using the global RADIUS servers, you can also configure each VAP to use a specific set of
Note
RADIUS servers. See
To configure the global RADIUS servers follow these steps:
Step 1 Select Security > Radius Server.
Step 2 Configure these parameters:
• Server IP Address Type — Select the IP version that the RADIUS server uses. You can toggle between the address
types to configure IPv4 and IPv6 global RADIUS address settings, but the WAP device contacts only the RADIUS
server or servers with the address type that you select in this field
• Server IP Address-1 or Server IPv6 Address-1 — Enter the address for the primary global RADIUS server.
When the first wireless client tries to authenticate with the WAP device, the WAP device sends an authentication
request to the primary server. If the primary server responds to the authentication request, the WAP device continues
to use this RADIUS server as the primary server, and authentication requests are sent to the address specified.
• Server IP Address-2 or Server IPv6 Address-2 — Enter the addresses for up to backup IPv4 or IPv6 RADIUS
servers. If authentication fails with the primary server, the configured backup server is tried.
• Key-1 — Enter the shared secret key that the WAP device uses to authenticate to the primary RADIUS server.
You can use from 1 to 64 standard alphanumeric and special characters. The key is case sensitive and must match
the key configured on the RADIUS server. The text that you enter appears as asterisks.
• Key-2 — Enter the RADIUS key associated with the configured backup RADIUS servers. The server at Server IP
(IPv6) Address 2 uses Key 2.
• Enable RADIUS Accounting — Check Enable to enable tracking and measuring of the resources that a particular
user consumes, such as system time, amount of data transmitted and received, and so on. If you enable RADIUS
accounting, it is enabled for the primary RADIUS server and all backup servers.
Step 3 Click Save. The changes are saved to the Startup Configuration.

802.1x Supplicant

The IEEE 802.1X authentication enables the WAP device to gain access to a secured wired network. You can
enable the WAP device as an 802.1X supplicant (client) on the wired network. A user name and password
with the MD5 algorithm encryption can be configured to allow the WAP device to authenticate using 802.1X.
Radio, on page
Networks, on page 42 for more information.
Cisco WAP125 Wireless-AC/N Dual Band Desktop Access Point with PoE
37). The WPA Enterprise security method uses an
802.1x Supplicant
31