Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
837
Views
0
Helpful
5
Replies

Wlc 2100 with local eap auth

Go to solution
trondkristiansen
Level 1
Level 1

‎01-07-2011 05:34 AM

Hello

I have set up an wlc 2125 with local eap auth which I think is working fine for now.

But I dont want it come up a certificate warning when user log in.

Can I stop this from happening without bying a certificate?

Can I turn of https all together?

Trond

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Federico Ziliotto
Cisco Employee
Cisco Employee
In response to trondkristiansen

‎01-07-2011 07:03 AM

Thank you Trond,

So here we are talking about web authentication, which does not use local EAP, so not sure whether the local EAP profile is really being triggered for that.

Clients are being prompted with a WLC's self-signed certificate, more or less in the same way as they would be if they tried to login to the WLC via HTTPS.
Similarly, the fastest way would be to install this certificate on the user's machine, so that it can trust it from that moment on.

Or you can generate a certificate signing request for the WLC, submit it to a root CA/buy a root CA signed server certificate (with the root CA trusted by the clients) and then install this certificate on the WLC:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml

For web authentication, there is no way to switch to HTTP for the WLC's certificate validation.

Regards,

Fede

--
If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Federico Ziliotto
Cisco Employee
Cisco Employee

‎01-07-2011 05:41 AM

Hi Trond,

Could you please confirm whether you are referring to the server certificate pop-up on the client when doing PEAP authentication?
If so, under the Authentication tab of the wireless card, in the PEAP settings there is a box called "validate server certificate" that you could uncheck.

If you are referring to the certificate's pop-up when trying to login to the WLC, this may be due to the fact that the WLC uses a self-signed certificate that is not yet trusted by the user.

The fastest way would be to install this certificate on the user's machine, so that it can trust it from that moment on.

You can enable/disable HTTP and HTTPS access to the WLC under MANAGEMENT > HTTP-HTTPS

Regards,

Fede

--
If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

0 Helpful

Go to solution
trondkristiansen
Level 1
Level 1
In response to Federico Ziliotto

‎01-07-2011 06:48 AM

Hello and thanks for reply.

Its not the logging in to the manager interface.

I dont have set up an radius server yet som I'm using the build in database in the wlc. The users are redirectet to a Cisco like page from the wlc's webserver where they must set in username/password. But before they come to the login page they are warned that this is a unsafe page,, certificate etc.

In our inviroment its uneseserry with https at all so the best would be to not use it, but if not I will problaby have to buy a certificate. Now every wirless user will get this warning.

Trond

0 Helpful

Go to solution
Federico Ziliotto
Cisco Employee
Cisco Employee
In response to trondkristiansen

‎01-07-2011 07:03 AM

Thank you Trond,

So here we are talking about web authentication, which does not use local EAP, so not sure whether the local EAP profile is really being triggered for that.

Clients are being prompted with a WLC's self-signed certificate, more or less in the same way as they would be if they tried to login to the WLC via HTTPS.
Similarly, the fastest way would be to install this certificate on the user's machine, so that it can trust it from that moment on.

Or you can generate a certificate signing request for the WLC, submit it to a root CA/buy a root CA signed server certificate (with the root CA trusted by the clients) and then install this certificate on the WLC:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml

For web authentication, there is no way to switch to HTTP for the WLC's certificate validation.

Regards,

Fede

--
If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

0 Helpful

Go to solution
trondkristiansen
Level 1
Level 1
In response to Federico Ziliotto

‎01-07-2011 07:08 AM

Thanks, then I'l buy a certificate.

0 Helpful

Go to solution
Federico Ziliotto
Cisco Employee
Cisco Employee
In response to trondkristiansen

‎01-07-2011 07:13 AM

Thank you Trond, glad that we could help you out with this.
Feel free to ping us back for any further help with this setup if needed.

Regards,

Fede

--
If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents