
Wireless SSID with Certificate

sreelalggbm
Level 1

Dear All,

I have a wireless network with a Cisco 5508 WLC for the corporate network, a Cisco WLC for the guest network, ACS 4.2, and 200 access points.

Corporate SSID authentication: WPA1 & 2 with Dot1X (via ACS)

Guest SSID authentication: Webauth with ACS

I need to configure an SSID for scanners.

Is there any way to configure the scanners' wireless authentication via ACS with a trusted certificate?

Thanks in advance

Sreelal

15 Replies

Scott Fella
Hall of Fame

You need to find out if the scanners can support 802.1x. If they do, then you need to find out from the scanner manufacturer how to import the trusted root cert for the certificate you have already installed in ACS. You might not need to install the trusted root cert, depending on whether the device already has it in the OS.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Hai,

Thanks a lot for your reply

The scanner supports WPA1 & 2 with AES. But I couldn't find the option for Dot1x.

Is there any way to configure the certificate on these protocols?

Do you have any document which clearly explains the procedure for using certificate for wireless clients?

Do we need to install any certificate on the WLC?

If yes, is it possible to install via FTP/TFTP?

If our client is a PC or laptop, we have to install the same certificate on the laptop and ACS, correct?

thanks a lot

Scott Fella
Hall of Fame

If the scanners do not support 802.1x then you can't use certificates. The scanners most likely only support open, WEP, WPA-TKIP PSK or WPA2-AES PSK.

You have to work with what the scanners can do.

-Scott

Can you please share a document which clearly explains the procedure for using certificate for wireless clients?

My scanner supports EAP-FAST, EAP-TLS, LEAP, PEAP, TTLS.

So I can use the certificates, correct?

Can you advise me what the config will be on the WLC and ACS?

It would be the same as your other SSID that uses dot1x.

-Scott

Do I need to install any certificate on the WLC?

Do I need to install a new certificate on ACS?

There is already one certificate installed on the WLC for webauth and another certificate.

Thanks in advance

The certificate on the WLC has nothing to do with dot1x.  You already have a certificate in ACS so you don't need one.

Thanks,

Scott

Help out others by using the rating system and marking answered questions as "Answered"

-Scott

Wrong topic!!!!!!!!

Doh!

edondurguti
Level 4

Sree,

Do you know what kind of certificate you are using?

Is it self-signed or is it from a 3rd party, like GoDaddy, VeriSign, etc.?

When you try to connect with a Windows PC for the first time, do you see any error that is asking you to connect/terminate or stuff like that?

I'd suggest using LEAP for your Scanners, or use PEAP if you have third party cert.

It all depends on what kind of cert you have :]

Hai,

Thanks for your reply.

The customer has one certificate server (CA). We need to generate the certificate from that CA.

Our scanner expert will load the generated certificate into the scanner.

My scanner supports EAP-FAST, EAP-TLS, LEAP, PEAP, TTLS.

So can I go with LEAP for scanners?

Do you have any document or steps for completing this task?

SSID config on WLC?

ACS 4.2 config?

On the PC side, what config do we need to do (if we are connecting a PC to the same SSID)?

Once again, thanking you!!

Scott Fella
Hall of Fame

Wait... You said you have an SSID that is using 802.1x? Do you not know how that is configured on the RADIUS, WLC or the client? You can do a search on Cisco's site for your configuration examples as there are many out there.

-Scott

We have an SSID that is using 802.1x. This is working without certificate validation.

So why not use the same?

It seems like you want to do EAP-TLS on a scanner... Well, if that's what you want to do, you need to import a certificate into the device and that's it. Maybe modify your RADIUS policy to allow for EAP-TLS if it's not enabled.

-Scott