Buy or Renew
Buy or Renew
We are currently experiencing Knowledge Base board outages and are working to resolve. Thank you for your patience.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1235
Views
6
Helpful
6
Replies

Locking down corporate ssid using certificate cisco wc2100 series

Go to solution
normandaniel09
Level 1
Level 1

‎01-13-2013 04:31 PM - edited ‎07-03-2021 11:20 PM

Hi  everyone,

We need WiFi security on our corporate SSIDs locked down using certificates, we are using wlc cisco 2100 series. We need these on every workstation, laptops etc. Need help guys.

Kind regards,

Norman.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Amjad Abdullah
VIP Alumni
VIP Alumni

‎01-15-2013 02:30 AM

Hi,

If you want to install certificates on the end devices (laptops, PCs...etc) to allow them for the wireless then you need to use EAP-TLS security method.

This guide should give you good information about it:

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_white_paper09186a008009256b.shtml

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"

View solution in original post

0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to normandaniel09

‎01-16-2013 04:48 PM

Take a look at this doc

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807f42e9.shtml#auth-8201

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Scott Fella
Hall of Fame
Hall of Fame

‎01-13-2013 05:59 PM

Well... You will need a radius server that is hopefully also tied to you DC. This isn't really easy to explain how to do. There are many ways and it depends on your clients and what resources you have.

All I can say if you want to give this a try yourself is to search

WLC PEAP
WLC EAP-TLS

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Go to solution
normandaniel09
Level 1
Level 1
In response to Scott Fella

‎01-16-2013 02:24 PM

Hi Amjad, is this good on windows 7? If you can give me a documentation for this or step by step on how to configure this, much appreciated... one more thing, do I still need to configure group policy for the laptops?

0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to normandaniel09

‎01-16-2013 03:05 PM

GPO helps push out the wireless profiles to the Windows 7 machines and also certificates if you decide to use EAP-TLS. You would need a PKI infrastructure in order to do EAP-TLS or use certificates in general and a Radius server. Microsoft has IAS (2003) or NPS (2008). Cisco has ACS or ISE.

There isn't really a one document to help. You just have to search for various parts.

Windows 7 EAP-TLS configuration example
Windows 2008 NPS EAP-TLS configuration example

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Go to solution
normandaniel09
Level 1
Level 1
In response to Scott Fella

‎01-16-2013 04:42 PM

Hi scott, please have a look on my current config...

do I have to change something here?

regards,

Norman

0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to normandaniel09

‎01-16-2013 04:48 PM

Take a look at this doc

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807f42e9.shtml#auth-8201

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful

Go to solution
Amjad Abdullah
VIP Alumni
VIP Alumni

‎01-15-2013 02:30 AM

Hi,

If you want to install certificates on the end devices (laptops, PCs...etc) to allow them for the wireless then you need to use EAP-TLS security method.

This guide should give you good information about it:

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_white_paper09186a008009256b.shtml

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card