Authenticate only the access point (B@EWC) on a switchport


Userlevel 1
Hello everybody

I'm using x440-G2 switches with a valid netlogin configuration for all access ports (1-48). All clients authenticate fine by MAC address and computer certificate. Now I would like to authenticate my Extreme access points by netlogin aswell. The ap's are recognized by their MAC address so that the NAC assign the ap the untagged vlan. I've configure B@EWC on the Extreme WLAN Controller. This works fine. Now, the problem I have of course, that all connected WLAN clients on this AP try to authenticate aswell.

Question: How can I prevent authenticate the connected WLAN clients on this swichport by netlogin? My goal is, that I don't configure each switchport manually, because I want to keep my dynamic configuration, that each switchport has the same configuration.

3 replies

Userlevel 3
On policy that is applied to the ap check APAware if it is enabled!
On X440G2 this works, but for example A4 it is not possible.
Userlevel 1
Anton Sax wrote:

On policy that is applied to the ap check APAware if it is enabled!
On X440G2 this works, but for example A4 it is not possible.

Hi Anton. This was exactly what I was looking for. Thank you very much!
Userlevel 7
if the controler is configured for bridge@EWC there is no authentication of the wireless clients on the switchport as the traffic is tunneled back to the controller = no client MAC on the AP switchport.

Reply