01-06-2014 04:45 AM - edited 03-10-2019 09:14 PM
Hi,
My question is whether it is possible on Cisco 1600 APs to disable the server certificate validation on a dot1x PEAP authentication method (please provide the appropriate CLI, if any).
I know that in PEAP, for a PEAP user implementation, you want to validate the server, as this is PEAP phase 1.
But we only want to use PEAP as machine authentication, for which I don't care about the validation of the server, like in Windows where you have a check box so you can disable the validation of it.
Thanks in advance,
Kind regards,
Michel
01-06-2014 05:01 AM
If I understand you correctly, the AP delivers the certificate to the supplicant, and the supplicant then validates the certificate or not. The AP has nothing to do with that process. This is supplicant dependent.
01-06-2014 05:12 AM
Not really, let me explain the topology:
We want to enable 802.1x on the network switches and let the Cisco AP authenticate the AP (PEAP-MSCHAPv2) on the switch via 802.1x. Therefore we specify the following config on the AP:
eap profile PEAP
 method peap
!
dot1x credentials test
 username
 password xxxxxx
!
interface GigabitEthernet0
 dot1x pae supplicant
 dot1x credentials test
 dot1x supplicant eap profile PEAP
The question is: is there a possibility to disable the server certificate validation (like in Windows), because we want to verify the AP? And yes, I know that for a PEAP user implementation it is good practice to validate the server certificate.
Kind regards,
Michel
01-06-2014 06:50 AM
Got it ..
I know on the PEAP side of the AP you have to install a cert because the AP validates the certificate, like you are explaining. I don't think you can turn this off. Depending on your solution (ISE), you can use MAB to get around this. Let's see if anyone comes back with anything. I will also check around ..