topic Re: Can we use only certificate based authentication for user authentication using Cisco WLC with external Radius server in Wireless https://community.cisco.com/t5/wireless/can-we-use-only-certificate-based-authentication-for-user/m-p/3847817#M5011 <P>Hello&nbsp;<SPAN>&nbsp;Haydn,</SPAN></P><P>The solution has worked thanks for your help.</P><P>I have another query, the radius server expert says that they need 60s to verify the certificate and asked me&nbsp; is there any option in WLC where I have to put timer for this 60s certificate validation.</P> Tue, 30 Apr 2019 09:25:21 GMT Afroza Shultana Tonny 2019-04-30T09:25:21Z Can we use only certificate based authentication for user authentication using Cisco WLC with external Radius server https://community.cisco.com/t5/wireless/can-we-use-only-certificate-based-authentication-for-user/m-p/3846953#M5008 <P>I have a cisco WLC 3504 and Ubuntu Radius Server&nbsp; which works as the external Radius server.</P><P>I want the wireless clients to be authenticated using certificates and what will be SSID security settings for this?? Is there any documentation link for this??</P> Mon, 05 Jul 2021 17:17:58 GMT https://community.cisco.com/t5/wireless/can-we-use-only-certificate-based-authentication-for-user/m-p/3846953#M5008 Afroza Shultana Tonny 2021-07-05T17:17:58Z Re: Can we use only certificate based authentication for user authentication using Cisco WLC with external Radius server https://community.cisco.com/t5/wireless/can-we-use-only-certificate-based-authentication-for-user/m-p/3846982#M5009 <P>Hi Afroza,</P><P>&nbsp;</P><P>Please refer this&nbsp;<STRONG><EM><A title="Configure-802-1x-PEAP-with-FreeRadius" href="https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/211263-Configure-802-1x-PEAP-with-FreeRadius.html" target="_blank" rel="noopener">Configure-802-1x-PEAP-with-FreeRadius</A></EM></STRONG></P> Mon, 29 Apr 2019 08:18:44 GMT https://community.cisco.com/t5/wireless/can-we-use-only-certificate-based-authentication-for-user/m-p/3846982#M5009 Sathiyanarayanan Ravindran 2019-04-29T08:18:44Z Re: Can we use only certificate based authentication for user authentication using Cisco WLC with external Radius server https://community.cisco.com/t5/wireless/can-we-use-only-certificate-based-authentication-for-user/m-p/3847007#M5010 <P>Effectively the you need to do following:</P><P>&nbsp;</P><P>Add the RADIUS server to the WLC</P><P>Configure the WLAN for WPA2 Enterprise 802.1x authentication AS per the WLC parts of this document:</P><P><A href="https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/213543-configure-eap-tls-flow-with-ise.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/213543-configure-eap-tls-flow-with-ise.html</A></P><P>&nbsp;</P><P>Where it goes through ISE configurations you need to configure your RADIUS server to EAP-TLS</P><P>Here is how FreeRADIUS does it:</P><P><A href="https://documentation.meraki.com/MR/Encryption_and_Authentication/Freeradius%3A_Configure_freeradius_to_work_with_EAP-TLS_authentication" target="_blank">https://documentation.meraki.com/MR/Encryption_and_Authentication/Freeradius%3A_Configure_freeradius_to_work_with_EAP-TLS_authentication</A></P><P>&nbsp;</P><P>&nbsp;</P> Mon, 29 Apr 2019 09:06:23 GMT https://community.cisco.com/t5/wireless/can-we-use-only-certificate-based-authentication-for-user/m-p/3847007#M5010 Haydn Andrews 2019-04-29T09:06:23Z Re: Can we use only certificate based authentication for user authentication using Cisco WLC with external Radius server https://community.cisco.com/t5/wireless/can-we-use-only-certificate-based-authentication-for-user/m-p/3847817#M5011 <P>Hello&nbsp;<SPAN>&nbsp;Haydn,</SPAN></P><P>The solution has worked thanks for your help.</P><P>I have another query, the radius server expert says that they need 60s to verify the certificate and asked me&nbsp; is there any option in WLC where I have to put timer for this 60s certificate validation.</P> Tue, 30 Apr 2019 09:25:21 GMT https://community.cisco.com/t5/wireless/can-we-use-only-certificate-based-authentication-for-user/m-p/3847817#M5011 Afroza Shultana Tonny 2019-04-30T09:25:21Z Re: Can we use only certificate based authentication for user authentication using Cisco WLC with external Radius server https://community.cisco.com/t5/wireless/can-we-use-only-certificate-based-authentication-for-user/m-p/3847838#M5012 <P>Glad i could help, make sure you help others out by marking solutions as accepted solutions.</P><P>Around timeouts, 60 seconds is a very long time, from a client prospective it it takes 60 seconds to authenticate i'm giving up or logging a ticket. Normally if the RADIUS server is in the same network segment as the WLC then for TLS I have never seen requirement to go past 5 seconds.</P><P>&nbsp;</P><P><A href="https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_01010.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_01010.html</A></P><P>&nbsp;</P><P>there are also some best practices for EAP style authentications here:</P><P><A href="https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/118703-technote-wlc-00.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/118703-technote-wlc-00.html</A></P> Tue, 30 Apr 2019 10:06:27 GMT https://community.cisco.com/t5/wireless/can-we-use-only-certificate-based-authentication-for-user/m-p/3847838#M5012 Haydn Andrews 2019-04-30T10:06:27Z