OEAP 602 Remote LAN 802.1x (Port 4) with Wired IP Phone and Laptop behind the IP Phone
1. WLC 5508 running 188.8.131.52
2. OEAP 602I
3. Windows 7 Client
4. Cisco IP Phone 7975
5. ACS 5.2
Creating a Remote LAN for OEAP Wired Clients (Port 4)
STEP 2: Setting up the wired IP phone for 802.1X authentication
On the phone go to Settings > Security Configuration > 802.1X Authentication > Device Authentication > Enabled
You do not need to enable a password for EAP-MD5.
The phone does EAP-TLS authentication.
STEP 3: Getting the chained cert for the Cisco 7975 phone for EAP-TLS authentication
Note: Set the remote LAN to no security. Let the phone grab an IP address and register to the Call Manager. From the Call Manager, enable the web mode. Navigate to the HTTPS page of the phone and grab the device cert of the phone using your web browser.
Click on the Details tab and hit Export
Save the cert on the local machine
Open the cert by double-clicking on it and click on 'Certification Path'
You can see the chained cert of the device. You already have the device cert. From this view, save the intermediate cert and the root CA cert.
Now you have three certs: CP-7975G-SEPD0C282D1F0BA, Cisco Manufacturing CA and Cisco Systems.
STEP 4: Import these certs on the ACS Certificate Authorities for EAP-TLS authentication of 7975 IP Phone.
When you add the cert, check the 'trust for Client with EAP-TLS' option
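Before the import in Step 4, the exported files can be checked to confirm they form one chain and to see the CN that the Step 5 default rule will use as the username. The script below is an added example, not part of the original write-up: it builds a constructed three-level chain with openssl (the CA names and the device CN are stand-ins, and the function names are hypothetical) and shows the check passing with the intermediate present and failing without it.

```shell
#!/bin/sh
# Added example: all names and certificates below are constructed stand-ins,
# not Cisco's real CAs and not the phone cert exported in Step 3.

# new_csr <basename> <CN>: throwaway RSA key plus CSR.
new_csr() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/CN=$2" 2>/dev/null
}

# make_sample_chain <dir>: root -> intermediate -> device, mirroring the
# three-level chain shown under 'Certification Path'.
make_sample_chain() {
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext" &&
  new_csr "$d/root" "Sample Root CA" &&
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" \
    -extfile "$d/ca.ext" -days 2 -out "$d/root.pem" 2>/dev/null &&
  new_csr "$d/inter" "Sample Manufacturing CA" &&
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.ext" -days 2 -out "$d/inter.pem" 2>/dev/null &&
  new_csr "$d/dev" "CP-7975G-SEP000000000001" &&
  openssl x509 -req -in "$d/dev.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
    -CAcreateserial -days 2 -out "$d/dev.pem" 2>/dev/null
}

# check_chain <root.pem> <intermediate.pem> <device.pem>
# Succeeds only if the device cert chains through the intermediate to the root.
check_chain() {
  openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

# cert_cn <cert.pem>: print the subject CN, the value the Step 5 default rule
# uses as the username.
cert_cn() {
  openssl x509 -in "$1" -noout -subject -nameopt multiline |
    sed -n 's/^ *commonName *= *//p'
}

demo=$(mktemp -d)
make_sample_chain "$demo"
check_chain "$demo/root.pem" "$demo/inter.pem" "$demo/dev.pem" &&
  echo "chain OK, CN: $(cert_cn "$demo/dev.pem")"
# Intermediate missing from the trust set: verification must fail.
check_chain "$demo/root.pem" "$demo/root.pem" "$demo/dev.pem" ||
  echo "chain broken without the intermediate"
rm -rf "$demo"
```

To run the same check on the real exports, pass the three saved files to check_chain in root, intermediate, device order. Files saved by the browser in DER form need converting first with openssl x509 -inform DER -in <file> -out <file>.pem.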
STEP 5: Configuring Access Policies on ACS
From Service Selection Rules, check Rule based result selection.
I have configured Rule 1 for RADIUS with service set to Default Network Access and Rule 2 for TACACS with service set to Default Device Admin
Under Default Network Access
Allow the necessary protocols
Select Default Network Access > Identity and click on Rule based result selection
Hit Customize to add 'EAP Authentication Method' and 'EAP Tunnel Building Method'
Create a new Rule that matches PEAP and MSCHAP-v2 for Windows 7 authentication and points to the Internal Users Identity Source
I have the Default rule at the end pointing to CN username for EAP-TLS authentication of the 7975 IP Phone
STEP 6: Setting up wired 802.1X authentication for Windows 7
STEP 7: Enable 802.1X authentication on the Remote LAN and sit tight
Below you can see successful authentication for the 7975 phone using x509_PKI and Windows 7 using PEAP (EAP-MSCHAPV2)