802.1X Supplicant Support

The 802.1X authentication protocol prevents unauthorized clients from gaining access to the network through publicly accessible ports. If the ports to which the Instant APs are connected are configured to use the 802.1X authentication method, ensure that you configure the Instant APs to function as an 802.1X client or supplicant. If your network requires all wired devices to authenticate using the PEAP or TLS protocol, you need to configure the Instant AP uplink ports for 802.1X authentication, so that the switch grants access to the Instant AP only after completing the authentication as a valid client.

To enable the 802.1X supplicant support on an Instant AP, ensure that the 802.1X authentication parameters are configured on all Instant APs in the cluster and are stored securely in the Instant AP flash.

 

The 802.1X supplicant support feature is not supported with mesh and Wi-Fi uplink.

Configuring an Instant AP for 802.1X Supplicant Support

The following procedure describes how to enable 802.1X supplicant support by configuring 802.1X authentication parameters on every Instant AP using the WebUI:

Table 1: Configuring 802.1X Supplicant Support

New WebUI

Old WebUI

In the new WebUI, to use the PEAP protocol-based 802.1X authentication method, complete the following steps:

1. In the Configuration > Access Points page, select the Instant AP on which you want to set the variables for 802.1X authentication, and click Edit.

2. In the Edit Access Point <access point> page, expand Uplink.

3. Under PEAP User, enter a username, password, and retype the password for confirmation. The Instant AP username and password are stored in Instant AP flash. When the Instant AP boots, the /tmp/ap1xuser and /tmp/ap1xpassword files are created based on these two variables.

NOTE: The default inner authentication protocol for PEAP is MS-CHAPV2.

In the old WebUI, to use the PEAP protocol-based 802.1X authentication method, complete the following steps:

1. In the Access Points tab, click the Instant AP on which you want to set the variables for 802.1X authentication, and then click the edit link.

2. In the Edit Access Point window, click the Uplink tab.

3. Under PEAP user, enter the username, password, and retype the password for confirmation. The Instant AP username and password are stored in Instant AP flash. When the Instant AP boots, the /tmp/ap1xuser and /tmp/ap1xpassword files are created based on these two variables.

NOTE: The default inner authentication protocol for PEAP is MS-CHAPV2.

In the new WebUI, to upload server certificates for validating the authentication server credentials, complete the following steps:

1. Expand Upload Certificate.

2. Specify the URL from where you want to upload the certificates and select the type of certificate.

3. Click Upload Certificate.

In the old WebUI, to upload server certificates for validating the authentication server credentials, complete the following steps:

1. Click Upload New Certificate.

2. Specify the URL from where you want to upload the certificates and select the type of certificate.

3. Click OK.

In the new WebUI, to configure 802.1X authentication on uplink ports of an Instant AP, complete the following steps:

1. Go to the Configuration > System page.

2. Click Show advanced options at the bottom of the page and expand Uplink.

3. Under AP1X, select PEAP or TLS in the AP1X type drop-down list.

4. If you want to validate the server credentials using a server certificate, toggle the Validate server switch to enable. Ensure that the server certificates for validating server credentials are uploaded to the Instant AP database.

5. Click Save.

6. Reboot the Instant AP.

NOTE: The user certificate must be in the PEM format and include both the user certificate and the private key. If the certificate pair is encrypted, you must obtain the associated private key.

In the old WebUI, to configure 802.1X authentication on uplink ports of an Instant AP, complete the following steps:

1. Go to System > Show advanced options > Uplink.

2. Click AP1X.

3. Select PEAP or TLS in the AP1X type drop-down list.

4. If you want to validate the server credentials using a server certificate, select the Validate server check box. Ensure that the server certificates for validating server credentials are uploaded to the Instant AP database.

5. Click OK.

6. Reboot the Instant AP.

NOTE: The user certificate must be in the PEM format and include both the user certificate and the private key. If the certificate pair is encrypted, you must obtain the associated private key.
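
The NOTE above requires a single PEM file that holds both the user certificate and the private key. The following Python pre-check is an added example, not part of the vendor documentation or the product; its function names and sample blocks are constructed for illustration, and it inspects PEM framing only, without parsing the certificate or key contents.

```python
import base64
import re

# One PEM block; the END label must repeat the BEGIN label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def inspect_pem_bundle(text):
    """Count certificate and private-key blocks and flag an encrypted key."""
    report = {"certificates": 0, "private_keys": 0,
              "encrypted_key": False, "problems": []}
    for label, body in PEM_BLOCK.findall(text):
        lines = [ln.strip() for ln in body.splitlines()]
        # Legacy OpenSSL keys put "Name: value" headers before the base64.
        headers = [ln for ln in lines if ":" in ln]
        payload = "".join(ln for ln in lines if ":" not in ln)
        try:
            if not base64.b64decode(payload, validate=True):
                raise ValueError("empty body")
        except ValueError:
            report["problems"].append(f"{label}: body is not valid base64")
            continue
        if label == "CERTIFICATE":
            report["certificates"] += 1
        elif label.endswith("PRIVATE KEY"):
            report["private_keys"] += 1
            # PKCS#8 marks encryption in the label, legacy PEM in Proc-Type.
            if label == "ENCRYPTED PRIVATE KEY" or any(
                    h.startswith("Proc-Type:") and "ENCRYPTED" in h
                    for h in headers):
                report["encrypted_key"] = True
    if report["certificates"] == 0:
        report["problems"].append("no certificate block")
    if report["private_keys"] != 1:
        report["problems"].append(f"found {report['private_keys']} private key blocks, expected 1")
    return report

def make_block(label, payload, headers=""):
    # Constructed sample data: placeholder bytes, not real key material.
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{headers}{body}\n-----END {label}-----\n"

CERT = make_block("CERTIFICATE", b"constructed certificate bytes")
SAMPLE_OK = CERT + make_block("PRIVATE KEY", b"constructed key bytes")
SAMPLE_ENCRYPTED = CERT + make_block("RSA PRIVATE KEY", b"constructed ciphertext",
    "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,0011223344556677\n\n")

if __name__ == "__main__":
    print(inspect_pem_bundle(SAMPLE_OK), inspect_pem_bundle(SAMPLE_ENCRYPTED), sep="\n")
```

An empty problems list means the file has the certificate-plus-key layout the NOTE describes; encrypted_key shows whether the key block is passphrase-protected.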

The following CLI command sets the username and password variables used by the PEAP protocol-based 802.1X authentication:

(Instant AP)# ap1x-peap-user <ap1xuser> <password>

The following CLI command sets the PEAP 802.1X authentication type:

(Instant AP)(config)# ap1x peap [validate-server]

The following CLI command sets the TLS 802.1X authentication type:

(Instant AP)(config)# ap1x tls <tpm|user> [validate-server]

The following CLI command uploads user or CA certificates for PEAP or TLS authentication:

(Instant AP)# copy tftp <addr> <file> ap1x {ca|cert <password>} format pem

The following CLI commands download user or server certificates from a TFTP, FTP, or web server:

(Instant AP)# download ap1x <url> format pem [psk <psk>]

(Instant AP)# download ap1xca <url> format pem

The following CLI command shows the certificate details:

(Instant AP)# show ap1xcert

To verify the configuration, use any of the following CLI commands:

(Instant AP)# show ap1x config

(Instant AP)# show ap1x debug-logs

(Instant AP)# show ap1x status