01-24-2013 10:05 AM - edited 07-03-2021 11:25 PM
I am trying to follow the FIPS guide for the WLC5508 and it wants to encrypt the connection to the Radius, either with PSK key wrap or IPsec. I have the option for IPsec only, as the Windows NPS does not support key wrap, from what a previous user confirmed for me here on the board. But then I found another post that states that the 5508 does not support IPsec?
Can anyone confirm this?
01-24-2013 02:21 PM
I believe Steve R commented on a post a while back that IPsec is no longer supported on the newer model WLC. It was an option on the 4400's.
01-25-2013 06:13 AM
So the option is in the GUI but not "Actually" available?
So other than key wrap there is no other way to secure the communications between the WLC and my radius?
01-25-2013 06:16 AM
Not really... I haven't had any clients want to do this, even with ACS having the feature. I guess you could keep the WLC and the radius in the same subnet so those two can only communicate with each other. Your NPS will just have to communicate with AD.
Thanks,
Scott
Help out others by using the rating system and marking answered questions as "Answered"
01-25-2013 06:17 AM
Thanks Scott. Yeah, it seems a little paranoid, but I was curious, as to meet the FIPS standard it has to be activated.
01-25-2013 06:20 AM
I have never had to do that for FIPS though. Since ACS is really the only radius server to do that, I would not assume that that would be a requirement. If you do keep the WLC and the radius (NPS) in the same subnet with no other devices, I would think that would meet the requirement of securing the radius traffic. But then again, are you using radius for other things?
Thanks,
Scott