Cisco enabled the WGB feature on Wave2 APs (only for the 2800/3800/1560 series) from AireOS release 8.8.x onward. Traditionally, the WGB feature was supported only in Autonomous mode on IOS-based APs. There are no autonomous images available for COS-based APs (Click OS APs: 1800/2800/3800/4800).

In this post, we will configure a 3802 as a WGB with 802.1X (PEAP). The 802.1X SSID is configured with central switching. The WGB and the wired client behind it get IP addresses via DHCP from the central site (192.168.99.x/24).

Here is the 3802 image version being used in this testing.

If you follow my previous post on WGB with PEAP on Autonomous AP, you will see the config steps shown below.

    revocation-check none
    rsakeypair WGB 2048

Upload Root CA for configured Trust Point

    Enter the base 64 encoded CA certificate.
    End with a blank line or the word "quit" on a line by itself.

Configure SSID and map EAP/802.1X Profile

    authentication key-management wpa version 2
    dot1x credentials MRN-CRD

Change Radio station-role to WGB and assign SSID

    encryption mode ciphers aes-ccm
    ssid mrn-wpa2e

Before you configure WGB settings on the 3802, you have to change the AP mode to WGB. The AP will be reloaded, and then you can configure the WGB-specific settings.

    mobility-express    Switch to Mobility Express AP type
    workgroup-bridge    Switch to Workgroup Bridge(WGB) AP type

    WGB is a wireless client that serve as nonroot ap for wired clients.
    AP is the Master/CAPWAP AP, system will need a reboot when ap type is changed to

Once the AP is converted to WGB, you configure it by starting each command with the “configure” keyword. Some of the available configuration options are shown below.

    AP3802#configure ?
    dot1x           IEEE 802.1X global configuration commands
    eap-profile     EAP global configuration commands
    ssid-profile    Configure SSID profile information

It is important to configure accurate time, especially if you are using 802.1X. You can do it by using the “configure clock” CLI command. It is a good idea to sync it with an NTP server.

    AP3802# configure clock
    AP3802# configure clock set 14:21:19 7 4 2020
    AP3802# configure ntp server 192.168.100.1

You can configure the Trust Point and associated parameters as shown below. In this case the enrollment type is chosen as “terminal”.

    AP3802# configure crypto pki trustpoint MRN_TRUST
    allow-expired-cert    Allow expired certificates to be accepted
    AP3802# configure crypto pki trustpoint MRN_TRUST enrollment terminal

By using the “authenticate” option you can load the CA root certificate onto the WGB.

    AP3802# configure crypto pki trustpoint MRN_TRUST authenticate
    And end with the word "quit" on a line by itself.
    Certificate has the following attributes:
    PKI trustpoint configuration has been saved successfully

You can verify the certificate details as shown below (complete output not shown).

    AP3802# show crypto pki trustpoint
    CA-Cert file : /storage/wbridge_pki_cert/MRN_TRUST/MRN_TRUST_ca.pem
    Client-Cert file : /storage/wbridge_pki_cert/MRN_TRUST/MRN_TRUST_client.pem
    Signature Algorithm: sha256WithRSAEncryption

You can configure the 802.1X credential profile as shown below.

You can delete a configured profile by adding the “delete” keyword after the credential profile name on the same config line.