EAP-FAST and Radius Server Certificates

Unanswered Question
Jul 9th, 2007
User Badges:

Dear All,

we plan to use EAP-FAST for the authentification of client devices but would like to increase the security by using PKI-Server Certificates for the ACS Radius Server. Do you know if that is possible ? Or do we need PEAP for Radius Server Certificate validation ?

Thanks very much.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Mon, 07/09/2007 - 08:57
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


As far a i know EAP-FAST will not support server side certificates. EAP-FAST was developed to address the deficiencies in LEAP and one of the key design requirements was that it did not use certificates which made it relatively easy to deploy.

If you want server validation with certificates then PEAP is the way to go.



Jagdeep Gambhir Mon, 07/09/2007 - 09:36
User Badges:
  • Red, 2250 points or more


Under FAST settings, it is possible to specify Validate Server Certificate, which permits the client to validate the EAP-FAST server (ACS) certificate prior to the establishment of an EAP-FAST session.

This provides protection for the client devices from connection to an unknown or rogue EAP-FAST server and inadvertent submittal of their authentication credentials to an untrusted source. This does require that the ACS server have a certificate installed and the client also has the correspondent Root Certificate Authority certificate installed.



Please rate if that helps


This Discussion



Trending Topics - Security & Network