Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
740
Views
20
Helpful
4
Replies

Machine Certificate + VWLC + RADIUS

Go to solution
jspobuk
Level 1
Level 1

‎04-11-2022 08:41 PM

Hello, 

Looking for a very high level explanation.  I am trying to accomplish:

Tablet wirelessly connecting to existing RADIUS through VWLC

 

I need the certificate to be machine based, not user based.  I think.  I know the tablet needs to connect automatically without prompting for a user name and password. 

 

I am using WPA2 Enterprise Security

 

I am looking for direction on how to generate the necessary certificates so that the tablet is authenticated by the RADIUS server when connected.  

 

What certificate template do I use?

 

Do I generate the certificates through the VWLC? 

 

Where do I store the certificates?  Does it have to be on VWLC and tablet?  Or just tablet?

 

Thank you, 

John

 

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ammahend
VIP
VIP

‎04-12-2022 02:47 AM - edited ‎04-12-2022 03:59 AM

as others mentioned you need a PKI infrastructure. 
What certificate template do I use?
workstation authentication template, when you go to manage template

 

Do I generate the certificates through the VWLC? 

No, vWLC is not a certificate authority. 

 

Where do I store the certificates?  Does it have to be on VWLC and tablet?  Or just tablet?

the client cert will be stored on client machine, server certificate will be on your Radius server, they both also need certificate authority root certificate to trust each other. 

See this video it might help.

https://youtu.be/SgAjEuCAFzE


Hope this helps

-hope this helps-

View solution in original post

4 Replies 4

Go to solution
johnd2310
Level 8
Level 8

‎04-11-2022 08:51 PM

HI,

What radius server are you using, Cisco ISE or  Microsoft NPS?

The following doc should explain certificate  based authentication and how to configure it.

 

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/213543-configure-eap-tls-flow-with-ise.html

 

Thanks

John

**Please rate posts you find helpful**

Go to solution
jspobuk
Level 1
Level 1
In response to johnd2310

‎04-11-2022 09:15 PM

Thank you for the quick response. We are using Microsoft NPS.
0 Helpful

Go to solution
johnd2310
Level 8
Level 8
In response to jspobuk

‎04-11-2022 10:24 PM

Hi,

You will need to configure your Microsoft infrastructure to support certificate  authentication. Check the following docs:

https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/deploy-server-certificates-for-802.1x-wired-and-wireless-deployments

 

Use the doc i previously attached for the cisco Wireless controller configuration.

 

Thanks

John

**Please rate posts you find helpful**

Go to solution
ammahend
VIP
VIP

‎04-12-2022 02:47 AM - edited ‎04-12-2022 03:59 AM

as others mentioned you need a PKI infrastructure. 
What certificate template do I use?
workstation authentication template, when you go to manage template

 

Do I generate the certificates through the VWLC? 

No, vWLC is not a certificate authority. 

 

Where do I store the certificates?  Does it have to be on VWLC and tablet?  Or just tablet?

the client cert will be stored on client machine, server certificate will be on your Radius server, they both also need certificate authority root certificate to trust each other. 

See this video it might help.

https://youtu.be/SgAjEuCAFzE


Hope this helps

-hope this helps-
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card