Authenticate only the access point (B@EWC) on a switchport

  • 1
  • 2
  • Question
  • Updated 3 months ago
  • Answered
Hello everybody

I'm using x440-G2 switches with a valid netlogin configuration for all access ports (1-48). All clients authenticate fine by MAC address and computer certificate. Now I would like to authenticate my Extreme access points by netlogin aswell. The ap's are recognized by their MAC address so that the NAC assign the ap the untagged vlan. I've configure B@EWC on the Extreme WLAN Controller. This works fine. Now, the problem I have of course, that all connected WLAN clients on this AP try to authenticate aswell.

Question: How can I prevent authenticate the connected WLAN clients on this swichport by netlogin? My goal is, that I don't configure each switchport manually, because I want to keep my dynamic configuration, that each switchport has the same configuration.
Photo of Yves Haslimann

Yves Haslimann

  • 828 Points 500 badge 2x thumb

Posted 3 months ago

  • 1
  • 2
Photo of Anton Sax

Anton Sax

  • 956 Points 500 badge 2x thumb
On policy that is applied to the ap check APAware if it is enabled!
On X440G2 this works, but for example A4 it is not possible.
Photo of Yves Haslimann

Yves Haslimann

  • 828 Points 500 badge 2x thumb
Hi Anton. This was exactly what I was looking for. Thank you very much!
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 44,332 Points 20k badge 2x thumb
if the controler is configured for bridge@EWC there is no authentication of the wireless clients on the switchport as the traffic is tunneled back to the controller = no client MAC on the AP switchport.