cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5378
Views
11
Helpful
4
Replies

WLC authenticating on RADIUS Server with TLS 1.2 (802.1x)

Gabriel Grabner
Level 1
Level 1

Hi there!

 

We're operating a Cisco WLC 5508 for one of our customers. The WLC has to authenticate through a RADIUS server, which is working fine. Our customer now wants to disable TLS 1.0 on the RADIUS server, so only TLS 1.2 should be enabled. We're facing the problem that the clients can't connect to the wifi when only TLS 1.2 is enabled. Since we eliminated all other possibilities, it must be the WLC, which may not support TLS 1.2 right now. Is it possible to force the WLC use TLS 1.2 whilst authenticating on the RADIUS server? We are running software version 8.5.151.0 on the WLC, do we need an update? We couldn't find any option to enable TLS 1.2 in the settings.

 

Any help would be appreciated.

1 Accepted Solution

Accepted Solutions

Scott Fella
Hall of Fame
Hall of Fame

Just to add.... 802.1x is just a simple setting on the WLC.  The radius and the device are the two that share the certificate information.  Just make sure that the device certificates if using eap-tls does indeed use TLSv1.2.  If you disable TLSv1.0 and 1.1, then the radius will only accept certificates that use TLSv1.2.  The only setting to allow TLSv1.2 on the controllers is for the secure web for https access.

-Scott
*** Please rate helpful posts ***

View solution in original post

4 Replies 4

Thank you for your answer. We already thought that the RADIUS server could be the problem and not the WLC. We are currently working with the provider of our RADIUS to find a solution. I will keep you updated if we find a way to fix this.

Scott Fella
Hall of Fame
Hall of Fame

Just to add.... 802.1x is just a simple setting on the WLC.  The radius and the device are the two that share the certificate information.  Just make sure that the device certificates if using eap-tls does indeed use TLSv1.2.  If you disable TLSv1.0 and 1.1, then the radius will only accept certificates that use TLSv1.2.  The only setting to allow TLSv1.2 on the controllers is for the secure web for https access.

-Scott
*** Please rate helpful posts ***

Thank you for this information! We found out that the authentication happens between the client and the RADIUS, the WLC is barely involved here. So the customers server team had do change some registry keys on the RADIUS server to get TLS 1.2 working. So once again the issue was not in the network infrastructure - as always. 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: