Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1023
Views
0
Helpful
7
Replies

7921 PEAP and Microsoft IAS

Go to solution
aciscolook
Level 1
Level 1

‎02-05-2008 12:45 PM - edited ‎07-03-2021 03:20 PM

I just set up a 7921 to authenticate using PEAP, a WLC 4402 as a Radius Client to a Microsoft IAS. The phone authenticated but I hadn't even installed a Trusted Root Certificate on the phone to validate the MS IAS server's machine certificate. Does 7921 PEAP not require server validation by default? IF so, how can I enable this important security feature?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
migilles
Cisco Employee
Cisco Employee
In response to aciscolook

‎02-05-2008 04:10 PM

7921 PEAP implementation does not validate the authentication server cert.

We may look into this for the future.

View solution in original post

0 Helpful
7 Replies 7

Go to solution
migilles
Cisco Employee
Cisco Employee

‎02-05-2008 02:53 PM

7921 PEAP implementation doesn't require and doesn't allow local client certificate to be installed.

0 Helpful

Go to solution
aciscolook
Level 1
Level 1
In response to migilles

‎02-05-2008 03:38 PM

I know that PEAP doesn't require client certificate. I meant my radius server's machine certificate is from a Windows domain issued by a windows Certificate Authority. I never installed the Trusted Root Authority cetificate into the 7921 phone so how can it validate the radius server's certificate unless it doesn't validate by default. If this is the case how can I force the 7921 client to validate server's certificate?

0 Helpful

Go to solution
migilles
Cisco Employee
Cisco Employee
In response to aciscolook

‎02-05-2008 04:10 PM

7921 PEAP implementation does not validate the authentication server cert.

We may look into this for the future.

0 Helpful

Go to solution
aciscolook
Level 1
Level 1
In response to migilles

‎02-05-2008 05:41 PM

Thanks again for the information.

0 Helpful

Go to solution
Michel.thebeau
Level 1
Level 1
In response to migilles

‎08-06-2008 11:50 AM

Hi,

I was wondering if this response about PEAP not validating the server cert is still valid today?

Thanks,

Michel

0 Helpful

Go to solution
migilles
Cisco Employee
Cisco Employee
In response to Michel.thebeau

‎08-06-2008 01:42 PM

Yes in 1.1(1) firmware it does not have the capability to use a client certificate to validate the server identity, but this will be in the next release 1.2(1) that is coming out shortly.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card