Re: Cisco AP 702W EAP TLS

Heiko · ‎12-10-2019

Hello,

does anyone know which TLS version works with the Cisco Aironet 702W Access Point?

Thanks for the replys.

marce1000 · ‎12-10-2019

Ref : https://www.cisco.com/c/en/us/products/collateral/wireless/aironet-700-series/data_sheet_c78-728968.html

◦ Extensible Authentication Protocol-Transport Layer Security (EAP-TLS)

◦ EAP-Tunneled TLS (TTLS) or Microsoft Challenge Handshake Authentication Protocol Version 2 (MSCHAPv2)

>...

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Heiko · ‎12-11-2019

Hi marce,

thanks for the reply, but I want to know the TLS version which is supported by this AP. Is it TLS 1.1, 1.2 or 1.3?

patoberli · ‎12-11-2019

I think that depends what you exactly want to use. I think the Radius server is actually more important in that regard and the client. As far as I remember, the client only talks in TLS to the Radius server and that part is transparent for the AP. So the question is what your Radius and your Client supports.

Heiko · ‎12-11-2019

The ISE we use only accepts TLS 1.2 and TLS 1.3. As soon as the AP tries to connect to the network the ISE shows that the connection is refused because TLS 1.0 or 1.1 is used by the AP.

Is it possible to configure in the CLI of the AP the TLS version?

patoberli · ‎12-11-2019

Not that I know of, no. I'm pretty sure you need to enable TLS 1.0 to get EAP-TLS to work.

marce1000 · ‎12-11-2019

- The latter may not be possible but also make sure that the current software version being used on the AP is no too old. If it would be , then upgrade to the most recent release and verify the problem again.

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !