Information About Multiple Authentications for a Client
Multiple Authentication feature is an extension of Layer 2 and Layer 3 security types supported for client join.
Note |
You can enable both L2 and L3 authentication for a given SSID. |
Note |
The Multiple Authentication feature is applicable for regular clients only. |
Information About Supported Combination of Authentications for a Client
The Multiple Authentications for a Client feature supports multiple combination of authentications for a given client configured in the WLAN profile.
The following table outlines the supported combination of authentications:
Layer 2 |
Layer 3 |
Supported |
MAB |
CWA |
Yes |
MAB |
LWA |
Yes |
MAB + PSK |
- |
Yes |
MAB + 802.1X |
- |
Yes |
MAB Failure |
LWA |
Yes |
802.1X |
CWA |
Yes |
802.1X |
LWA |
Yes |
PSK |
- |
Yes |
PSK |
LWA |
Yes |
PSK |
CWA |
Yes |
iPSK |
- |
Yes |
iPSK |
CWA |
Yes |
iPSK + MAB |
CWA |
Yes |
iPSK |
LWA |
No |
MAB Failure + PSK |
LWA |
Yes |
MAB Failure + PSK |
CWA |
No |
MAB Failure + OWE |
LWA |
Yes |
MAB Failure + SAE |
LWA |
Yes |
From 16.10.1 onwards, 802.1X configurations on WLAN support web authentication configurations with WPA or WPA2 configuration.
The feature also supports the following AP modes:
-
Local
-
FlexConnect
-
Fabric
Jumbo Frame Support for RADIUS Packets
This document describes how to configure IP Maximum Transmission Unit (MTU) size for RADIUS server. RADIUS packets will get fragmented based on IP MTU, if source interface is attached to RADIUS group. With the new design, the RADIUS packets get fragmented at interface IP MTU configured value.
Note |
Fragmentation size is fixed. |
Combination of Authentications on MAC Failure Not Supported on a Client
The following table outlines the combination of authentications on MAC failure that are not supported on a given client:
Authentication Types |
Foreign |
Anchor |
Supported |
---|---|---|---|
WPA3-OWE+LWA |
Cisco AireOS |
Cisco Catalyst 9800 Controller |
No |
WPA3-SAE+LWA |
Cisco AireOS |
Cisco Catalyst 9800 Controller |
No |