Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
429
Views
0
Helpful
2
Replies

EAP-FAST and Radius Server Certificates

ciscoprolin
Level 1
Level 1

‎07-09-2007 01:57 AM - edited ‎07-03-2021 02:18 PM

Dear All,

we plan to use EAP-FAST for the authentification of client devices but would like to increase the security by using PKI-Server Certificates for the ACS Radius Server. Do you know if that is possible ? Or do we need PEAP for Radius Server Certificate validation ?

Thanks very much.

Labels:
0 Helpful
2 Replies 2

Jon Marshall
Hall of Fame
Hall of Fame

‎07-09-2007 08:57 AM

Hi

As far a i know EAP-FAST will not support server side certificates. EAP-FAST was developed to address the deficiencies in LEAP and one of the key design requirements was that it did not use certificates which made it relatively easy to deploy.

If you want server validation with certificates then PEAP is the way to go.

HTH

Jon

0 Helpful

Jagdeep Gambhir
Level 10
Level 10
In response to Jon Marshall

‎07-09-2007 09:36 AM

Hi,

Under FAST settings, it is possible to specify Validate Server Certificate, which permits the client to validate the EAP-FAST server (ACS) certificate prior to the establishment of an EAP-FAST session.

This provides protection for the client devices from connection to an unknown or rogue EAP-FAST server and inadvertent submittal of their authentication credentials to an untrusted source. This does require that the ACS server have a certificate installed and the client also has the correspondent Root Certificate Authority certificate installed.

Regards,

~JG

Please rate if that helps

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card