05-22-2019 06:41 AM - edited 07-05-2021 10:26 AM
We found a couple of old 1141N AP's in our network that were not associated with the controller. Upon investigation I found that the MIC had expired. We are currently running 8.3.133 on the controllers. If this command is used in the shot term, (until I can replace them with new models) it will only be relevant to AP's with an expired MIC and not affect any other AP's from what I have read correct? Also would this leave them open to man-in-the middle attacks? Thank in advance!
Solved! Go to Solution.
05-22-2019 07:28 AM
- Yes, that is correct, those with valid certs (not expired) will not be prone to man-in-the-middle attacks.
M.
05-22-2019 07:28 AM
- Yes, that is correct, those with valid certs (not expired) will not be prone to man-in-the-middle attacks.
M.
05-22-2019 07:36 AM
Thank you M. just wanted to make sure. I will be replacing the access points tomorrow so I won't need to use the command but wanted a second set of eyes on it.
10-14-2020 08:43 AM
Hi Marce - Do you know if the older APs "with expired" certs will be vulnerable to MIMs?
thanks
07-14-2022 01:18 AM
Hello Marce,
07-14-2022 02:37 AM
03-27-2020 06:31 AM
How do you determine the MIC on the expired AP?
03-27-2020 08:30 AM
AP_CLI#sh crypto pki certificates
Look for the line containing end date
M.
01-12-2022 07:02 PM
AP_CLI#sh crypto pki certificates
Does the AP check?
Does WLC check?
If I use config ap cert-expiry-ignore mic enable on WLC 5520 model, is AP OK in MIC authentication?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide