Table of Contents
Advertisement
NAC Support for MBSSID
Configuring NAC for MBSSID
This feature supports only Layer 2 mobility within VLANs. Layer 3 mobility using network ID is not
Note
supported in this feature.
Note
Before you attempt to enable NAC for MBSSID on your access points, you should first have NAC
working properly.
Figure 3
For additional information, see the documentation for deploying NAC for Cisco wireless networks.
Follow these steps to configure NAC for MBSSID on your access point:
Configure your network as shown in
Step 1
Step 2
Configure standalone access points and NAC-enabled client-EAP authentication.
Step 3
Configure the local profiles on the ACS server for posture validation.
Step 4
Configure the client and access point to allow the client to successful authenticate using EAP-FAST.
Ensure that the client posture is valid.
Step 5
Verify that the client associates to the access point and that the client is placed on the unrestricted VLAN
Step 6
after successful authentication and posture validation.
A sample configuration is shown below.
dot11 mbssid
dot11 vlan-name engg-normal vlan 100
dot11 vlan-name engg-infected vlan 102
dot11 vlan-name mktg-normal vlan 101
dot11 vlan-name mktg-infected1 vlan 103
dot11 vlan-name mktg-infected2 vlan 104
dot11 vlan-name mktg-infected3 vlan 105
!
dot11 ssid engg
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
7-16
Figure 3
shows a typical network setup.
Typical NAC Network Setup
Unrestricted
Access
VLAN/Network
vlan engg-normal backup engg-infected
Quarantine/
Restricted Access
VLAN/Network
ACS
Wireless laptops
Figure
3.
Chapter 7
Configuring Multiple SSIDs
OL-14209-01
- Quick Links:
- Repeater Access Point
Hide quick links:
Advertisement
Table of Contents
