Table of Contents
Advertisement
Connecting the Cisco 1500 Series Mesh Access Points to the Network
Adding a Username to a RADIUS Server
Add MAC addresses of mesh access point that are authorized and authenticated by external RADIUS servers
to the user list of that server prior to enabling RADIUS authentication for a mesh access point.
For remote authorization and authentication, EAP-FAST uses the manufacturer's certificate (CERT) to
authenticate the child mesh access point. Additionally, this manufacturer certificate-based identity serves as
the username for the mesh access point in user validation.
For Cisco IOS-based mesh access points, in addition to adding the MAC address to the user list, you need to
enter the platform_name_string–Ethernet_MAC_address string to the user list (for example,
c1240-001122334455). The controller first sends the MAC address as the username; if this first attempt fails,
then the controller sends the platform_name_string–Ethernet_MAC_address string as the username.
Note
If you enter only the platform_name_string–Ethernet_MAC_address string to the user list, you will see
a first-try failure log on the AAA server; however, the Cisco IOS-based mesh access point will still be
authenticated on the second attempt using the platform_name_string–Ethernet_MAC_address string as
the username.
The password must match the username (for example, c1520-001122334455).
Note
OL-27593-01
Configuring External Authentication and Authorization Using a RADIUS Server
Cisco Mesh Access Points, Design and Deployment Guide, Release 7.3
111
- Quick Links:
- Access Point Roles
- Monitoring the Led Status
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
