Do you use PEAP w/ server validation on 792X phones?
I'm just wondering if anyone else uses PEAP with server validation on 7921 and 7925 phones.
If you do what kinds of problems or administrative issues have you faced?
Currently we use this method but we are looking at either getting rid of the server validation or reconfiguring each and every phone to trust a private CA that we own. (We would also obviously install a cert signed by that CA onto the ACS server doing the RADIUS for the phones).
Right now the cert that is on the ACS servers is signed by GoDaddy. The phones all have the intermediate cert bundle and the root cert on them. This works just fine. However in my research I've found that the intermediate certificates might be changed out randomly at a whim, so when we go to renew this certificate with GoDaddy it could be possible none of the phones will trust the ACS server anymore.
So what does everyone think about this?
Is it a good idea to change the type of cert we are using to the private CA?
Would it be better to just give up on using server validation?
Or am I just being paranoid about GoDaddy changing out their intermediate certs?
I just looked at their public key store page and the same ones are still used and are valid that they used about a year ago to sign the cert we bought from them.
Integrating Cisco Identity Services Engine with Cisco Meraki Systems Manager
Technical Marketing Engineer, Cisco Systems, Inc.
Integrating Cisco Identity Services Engine with Cisco Meraki Systems ManagerOverviewCo...
Integrating Cisco Identity Services Engine with Cisco Meraki Systems ManagerOverviewComponentsConfiguration StepsCertificate InstallationAdd Meraki Systems Manager as an MDM in ISE.ISE Authorization PolicyMDM DictionaryAppendix
ISE 2.7 Guest Access Management Features
The following document explains the guest features of ISE 2.7. For more detail of what ISE 2.7 has to offer please check the associated documentation.
Auto Login on Sponsor Approval
SymptomsOutage during FTD code upgrade DiagnosisThe FTD code upgrade thru FMC will cause the traffic interruptionSolutionBelow process will upgrade the FTD with no downtime and no traffic interruption.Before the upgrade process:Download the FTD platf...
Process for FTD migration with PolicyAs per Cisco documentation, we have below steps for for de-register and register process. Please follow below steps :Step 1 : Break HA pair and de-register your FTD from FMC (old).Step 2 : Register your primary FTD wit...