Design Guide

Cisco Aironet 1520, 1130, 1240 Series Wireless Mesh Access Points, Design and Deployment Guide, Release 6.0
OL-20213-01
Connecting the Cisco 1520 Series Mesh Access Point to Your Network
Note: For additional configuration details on Cisco ACS servers, refer to the following links:
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_installation_and_configuration_guides_list.html (Windows)
http://www.cisco.com/en/US/products/sw/secursw/ps4911/ (UNIX)
Adding a Username to a RADIUS Server
Before enabling RADIUS authentication for a mesh access point, add the MAC addresses of the mesh
access points that are to be authorized and authenticated by external RADIUS servers to the user list of that server.
For remote authorization and authentication, EAP-FAST uses the manufacturer’s certificate (CERT) to
authenticate the child mesh access point. Additionally, this manufacturer certificate-based identity
serves as the username for the mesh access point in user validation.
For IOS-based mesh access points (1130, 1240, 1522, 1524), in addition to adding the MAC address
to the user list, you need to add the platform_name_string–Ethernet_MAC_address string to the user
list (for example, c1240-001122334455). The controller first sends the MAC address as the username;
if this first attempt fails, the controller then sends the platform_name_string–Ethernet_MAC_address
string as the username.
Note: If you add only the platform_name_string–Ethernet_MAC_address string to the user list, you will see
a first-try failure log on the AAA server; however, the IOS-based mesh access point will still be
authenticated on the second attempt using the platform_name_string–Ethernet_MAC_address string as
the username.
Note: The password must match the username (for example, c1520-001122334455).
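The following Python check is an added example, not part of the Cisco guide. It audits a RADIUS user list against a mesh access point inventory, using the two username forms and the password rule described above. The 12-digit lowercase MAC form of the MAC-only username, the function names, the status labels and the sample data are assumptions.

```python
import re

def normalize_mac(mac):
    """Strip ':', '.', '-' separators; return 12 lowercase hex digits (assumed form)."""
    bare = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", bare):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bare

def expected_usernames(platform, mac):
    """Return (MAC username, platform_name_string-Ethernet_MAC_address username)."""
    bare = normalize_mac(mac)
    return bare, f"{platform}-{bare}"

def audit_user_list(inventory, user_list):
    """Map each AP's platform username to a status label (labels are hypothetical).

    user_list is {username: password}; an entry counts only if the
    password equals the username, as the note above requires.
    """
    findings = {}
    for platform, mac in inventory:
        mac_user, platform_user = expected_usernames(platform, mac)
        bad_pw = any(u in user_list and user_list[u] != u
                     for u in (mac_user, platform_user))
        has_mac = user_list.get(mac_user) == mac_user
        has_platform = user_list.get(platform_user) == platform_user
        if bad_pw:
            status = "password-mismatch"
        elif has_mac and has_platform:
            status = "complete"
        elif has_platform:
            status = "first-try-failure-expected"  # authenticates on 2nd attempt
        elif has_mac:
            status = "platform-entry-missing"
        else:
            status = "not-in-user-list"
        findings[platform_user] = status
    return findings

# Constructed sample data, not taken from a real deployment.
INVENTORY = [("c1240", "00:11:22:33:44:55"), ("c1520", "0011.2233.4466"),
             ("c1520", "00-11-22-33-44-77"), ("c1240", "001122334488"),
             ("c1520", "00:11:22:33:44:99")]
USER_LIST = {"001122334455": "001122334455",
             "c1240-001122334455": "c1240-001122334455",
             "c1520-001122334466": "c1520-001122334466",
             "001122334477": "001122334477",
             "c1520-001122334499": "changeme"}
if __name__ == "__main__":
    print(audit_user_list(INVENTORY, USER_LIST))
```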
Using the GUI to Enable External Authentication of Mesh Access Points
To enable external authentication for a mesh access point using the GUI, follow these steps.