
Certificate between Access point and Wireless client

csco11030279
Level 3

Hi;

Is there any way to configure a certificate between the wireless AP and clients to secure my username and password?

My setup is WLC5508/AP1142/ACS5.4.

I need the client to trust the certificate before entering the UN/PW.

6 Replies

Chris Illsley
Level 8

Hi,

What authentication are you using? If you are using a RADIUS server, typically the certificate will be installed on the RADIUS server.

Let me know and we should be able to work it out.

Cheers

Chris

That is true, I am using a RADIUS server for the authentications; we are using WPA2/WPA1.

Thanks for the great information.

That's fine then, the certificate gets installed on your RADIUS server.

Register it in DNS, make sure you have the trusted roots installed, and you should be good to go.

Thanks

Chris

Edit:  It's simple enough to generate the CSR in ACS 5.

http://www.cisco.com/en/US/products/ps10315/products_configuration_example09186a0080b4cdb9.shtml#compdomain

I found this link, but in this procedure the computer or the wireless client should be part of the domain.

Is this the only way to do that?

Hi,

Not read it, but if you are authenticating against AD you do need an object in the domain to authenticate against, be that a computer or a username. The certificate part, though, has nothing to do with the domain.

Thanks

Chris

Abhishek Abhishek
Cisco Employee

Hello,

As per your query, I can suggest the following solution:

LAP authorization can be performed in two ways:

  • Using the Internal Authorization list on the WLC
  • Using the MAC address database on an AAA server

The behaviors of the LAPs differ based on the certificate used:

  • LAPs with SSCs—The WLC will only use the Internal Authorization list and will not forward a request to a RADIUS server for these LAPs.
  • LAPs with MICs—WLC can use either the Internal Authorization list configured on the WLC or use a RADIUS server to authorize the LAPs

This document discusses LAP authorization using both the Internal Authorization list and the AAA server.

For more information, refer to the links:

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00808c7234.shtml

http://technet.microsoft.com/en-us/library/cc759077(v=ws.10).aspx

Hope this will help you.
