Saturday 30 August 2014

Configure Corporate SSID using dot1.x authentication in Cisco WLC


Below is the procedure to create a new SSID using dot1.x (IEEE 802.1X) authentication. Dot1.x authentication is generally used for corporate wireless networks, where the user is authenticated via AD and a machine certificate.

Below are a few EAP authentication methods.

EAP-TLS is the most secure dot1.x method, which requires both machine and user authentication.

EAP-PEAP authenticates the client using credentials.

We assume that the AAA server is preconfigured as required.

Step 1. Go to Controller -> Interface -> New to create a new interface.



Step 2. Enter the interface name and VLAN ID and press APPLY.


Step 3. Provide the IP address/Netmask/Gateway for the interface. Also enter the VLAN ID to which the SSID traffic will be mapped.

Map the logical interface to the physical port of the WLC.

DHCP server setting: Enter the WLC's own address when the DHCP scope is created on the WLC itself; otherwise add the external DHCP server IP addresses.


Step 4. Press APPLY to apply the interface settings. You will get the below warning which says that it can impact the connectivity to the SSID. Hence we should not change the interface setting during production hours.



Step 5. Once you press OK, you will get the list of interfaces created so far.

 

Step 6. Go to WLAN -> WLANs. From the drop-down list in the right-side pane, select CREATE NEW and press GO.


Step 7. Enter the Profile name and SSID name, select a unique ID, and press APPLY.

 

Step 8. Click the SSID ID to configure the other parameters of the SSID.

Select the interface and radio policy for the SSID.


Step 9. Go to Security -> Layer 2 security and choose WPA+WPA2 (recommended) and its parameters.

 

Step 10. Select the appropriate AAA server.

Please refer to the blog post "AAA server configuration in WLC" in order to create a new AAA server.


Step 11. Enable the SSID once the configuration is done.
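
For reference, Steps 1 to 11 expressed as WLC (AireOS) CLI commands. This is an added example, not part of the original post, and the `#` lines are annotations to leave out when typing. Assumptions: the interface name, VLAN ID, addresses (documentation range 192.0.2.0/24), port number, WLAN ID, profile/SSID names and RADIUS server index are all placeholders, and exact keywords can differ between AireOS releases, so confirm each command with `?` on your controller.

```text
# Steps 1-2: create the dynamic interface and bind it to its VLAN
# (name "corp-dot1x" and VLAN 120 are placeholders)
config interface create corp-dot1x 120

# Step 3: IP address / netmask / gateway, physical port, DHCP server
config interface address dynamic-interface corp-dot1x 192.0.2.10 255.255.255.0 192.0.2.1
config interface port corp-dot1x 1
config interface dhcp dynamic-interface corp-dot1x primary 192.0.2.5

# Step 5: confirm the interface is listed
show interface summary

# Steps 6-7: create the WLAN (WLAN ID 5, profile "Corp-Profile", SSID "Corp-SSID")
# A newly created WLAN stays disabled until Step 11.
config wlan create 5 Corp-Profile Corp-SSID

# Step 8: map the WLAN to the dynamic interface
config wlan interface 5 corp-dot1x

# Step 9: Layer 2 security = WPA+WPA2 with 802.1X key management
# WPA2 with AES is enabled here; 802.1X is selected instead of a pre-shared key
config wlan security wpa enable 5
config wlan security wpa wpa2 enable 5
config wlan security wpa wpa2 ciphers aes enable 5
config wlan security wpa akm 802.1x enable 5

# Step 10: attach the preconfigured RADIUS (AAA) server, index 1 assumed
config wlan radius_server auth add 5 1

# Review the security and AAA settings before the SSID goes live
show wlan 5

# Step 11: enable the SSID
config wlan enable 5
```

Check in the `show wlan 5` output that 802.1X is the only authentication key management method enabled and that the listed RADIUS authentication server is the intended one before running the final command.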

