Repeating a 802.1x AP

Posted on 2014-02-22
Last Modified: 2014-02-25
Hi Guy's

Does anyone know if you can repeat a 802.1x Radius Auth. WPA-PSK signal.  The On-Network repeater I have won't do it, because it's not an open network, therefore it's looking for a passphrase that doesn't t exist as it's Radius auth.


Question by:ianmclachlan
  • 4
  • 2
  • 2
LVL 45

Expert Comment

by:Craig Beck
ID: 39879283
No - you can't repeat an 802.1x-secured SSID.  You may be able to bridge it though using WDS.
LVL 16
ID: 39879697
You didn't really specify what wireless products you're using, but if you are using commercial Cisco Wireless products you can absolutely accomplish what you're trying to do.

A Cisco AP can be set in repeater mode and be a 802.1x supplicant (client).


Author Comment

ID: 39879740
Sorry, it was a netgear AP.  

I assume, you need a Master cisco AP, and other Cisco AP's to achieve this scenario?
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

LVL 45

Expert Comment

by:Craig Beck
ID: 39879742
That's true.

There is a caveat or two to this though -

1] You can only do this with Autonomous APs
2] You can only do this with newer APs (1121, 1231 aren't supported).
3] IIRC you can only repeat one SSID in this way.
4] It doesn't work with all EAP types.

Good catch MO :-)
LVL 45

Expert Comment

by:Craig Beck
ID: 39879745
That's right Ian.

Author Comment

ID: 39885164
Thanks for all your help.  I suppose I should fill you in with the background of what I am trying to achieve.

We have a relatively large building, and I am trying to create one ESSID that uses 802.1x Authentication - rather than having multiple AP's / ESSID's.  I thought, (wrongly) I could maybe do this by creating a master AP and using repeaters throughout the building.

What would you guys recomend?

Again, thanks so much for your help

LVL 45

Accepted Solution

Craig Beck earned 500 total points
ID: 39885214
If that's what you want you should really do this properly - repeating isn't the way to do this at all.

An ESSID is actually a lot of different BSSIDs all advertising the same SSID, so it's correct to have lots of BSSIDs in the same ESSID.
(BSSID = AP, ESSID = Group of APs).

A few rules to a successful 802.1x-over-WLAN deployment...

- Each AP should be hard-wired back to the network.
- Each AP should use the same SSID/Authentiation/Encryption settings (to make it part of the ESSID).
- Each AP should talk directly to the RADIUS server.
LVL 16
ID: 39885953
To add to that, if you're not using a controller based solution, make sure your bordering AP's are on non-overlapping channels (1, 6 and 11) and that they overlap each other by about 20% for good roaming coverage.


Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is split into background info to start and actual review at bottom: Some time ago I wanted to sell a system with both wired and wireless capability but at minimum expense.  Having visited my trusted online auction I was pleasantly su…
Multi-source agreements are important because they set standards that all manufacturers should follow to ensure that devices are compatible with multiple vendors. The multi-source agreement (MSA) is an agreement that establishes how multiple vendors…
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question