- Preface
- Product Overview
- Supported Features
- CT5760 Centralized Configuration Example
- Mobility Architecture
- Bring Your Own Device Security Configuration
- Secure WLAN Configuration
- 802.11ac Support on WLC5760 and Catalyst 3850
- Radio Resource Management Configuration
- CleanAir
- Configuring ClientLink (Beamforming)
- High Availability
- Interface Group
- Multicast Configuration
- Installing and Upgrading Software Image on a CT5760
- Adding WLC to Prime
- Application Visibility and Flexible Netflow
- Service Discovery Gateway (mDNS Gateway)
- QoS Configuration
Secure WLAN Configuration
Secure WLAN Configuration on Catalyst 3850/WLC5760
Wireless Dot1x Configuration
aaa authentication login no_auth none
aaa authentication dot1x default group radius
aaa authentication dot1x Cisco_dot1x group Cisco
aaa authorization network default group Cisco
aaa accounting network default start-stop group Cisco
address ipv4 10.10.200.60 auth-port 1812 acct-port 1813
Dynamic Authorization Configuration (Optional)
aaa server radius dynamic-author
Radius Server Configuration (Optional)
radius-server attribute 6 on-for-login-auth
radius-server dead-criteria time 10 tries 3
URL-Redirect Access-list Configuration
ip access-list extended NSP-ACL <- Supplicant Provisioning ACL
HTTP Configuration
WLAN Configuration
wireless management interface 200
wireless client user-timeout 600
wlan BYOD-Dot1x 1 BYOD-Dot1x <- Secure Corporate SSID
security dot1x authentication-list Cisco
wlan BYOD-Open 2 BYOD-Open <- Guest SSID
no security wpa wpa2 ciphers aes
Verify Wireless Dot1x Session
Controller-MC#show access-session method dot1x details
Controller-MC#show access-session interface capwap 1 details
Controller-MC#show access-session mac 6420.0c37.5108 interface capwap 1
Deauthenticate Client
Controller-MC#wireless client mac-address 6420.0c37.5108 deauthenticate
Controller-MC#show wireless client summary
Note For information on ISE, refer to http://www.cisco.com/c/en/us/support/security/identity-services-engine/products-implementation-design-guides-list.html.