Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
574
Views
0
Helpful
4
Replies

Is this enough security?

Go to solution
mlege967
Level 1
Level 1

‎12-10-2008 02:11 PM - edited ‎07-03-2021 04:52 PM

Hello,

I have currently setup a 2106 controller with 1100 series AP's the authentication is done via radius and IAS. The certificate is installed on the domain laptops and when I connect wireless it shows up as WPA2 (Peap). As I take it you need the certificate and domain credentials and dial in access to access the network. Is there anything to worry about with this setup or is this strong enough security.

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
dennischolmes
Level 7
Level 7

‎12-10-2008 03:01 PM

This should suffice for most normal networks. It may not be FIPS compliant but it is pretty stout.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
dennischolmes
Level 7
Level 7

‎12-10-2008 03:01 PM

This should suffice for most normal networks. It may not be FIPS compliant but it is pretty stout.

0 Helpful

Go to solution
mlege967
Level 1
Level 1
In response to dennischolmes

‎12-11-2008 06:42 AM

Great! Thanks!

0 Helpful

Go to solution
Joshua Engels
Level 1
Level 1
In response to mlege967

‎10-17-2013 12:14 PM

"As I take it you need the certificate and the domain credentials.........."

Actually this is incorrect and easy to misunderstand.  Authentication with PEAP only requires a Server side certificate.  It does not require that a supplicant (Laptop/ipad etc) have a certficate to connect. 

All the certificate is there for is so that the supplicant does not connect to a rogue AP.  If the supplicant does not  wish to validate the Server certificate, it WILL be able to connect with just domain user id and password.  The only protection you have from allowing someone to connect to your network using PEAP is whatever form of Radius you are using in this case.  Server side certificates DO NOT protect access.  An easy test is to use your iphone to connect and deselect "validate" certificate and just enter your user id and password and you will connect.

Feel free to contact me if you need more info.

0 Helpful

Go to solution
Joshua Engels
Level 1
Level 1
In response to Joshua Engels

‎10-17-2013 12:17 PM

Another way to understand that you do not need a certificate on the laptop is with a Windows system under the PEAP Properties, uncheck "validate server certificate".  You will connect right up.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card