Certficates on a 7921

Unanswered Question
Aug 31st, 2008
User Badges:

Hi,

My client requires I load a certificate on his 7921 phone with which the phone will authenticate to his radius server. Is this supported on the 7921, and any suggestions on what guide I can use.


I have gone trough a couple but no luck.


Thank you

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Scott Fella Sun, 08/31/2008 - 14:31
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

What type of encryption method does your client want to use? EAP-TLS? Here is a link to the supported protocols and how to import a certificate to the 7921 phones.


http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7921g/7_0/english/administration/guide/7921cfgu.html#wp1376129


http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/vowlan/41dg/vowlan_ch10.html#wp1045851

migilles Thu, 09/11/2008 - 09:50
User Badges:
  • Cisco Employee,

We know support server validation with PEAP (MS-CHAPv2) in the 1.2(1) release as well. Would import the authentication server cert into the phone via the 7921 webpage.

Scott Fella Fri, 09/12/2008 - 04:00
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Micheal,


Do you know if there is a bug out that. I heard and not able to try to see if you validate the wrong server cert, that it will still pass authentication?

migilles Tue, 09/16/2008 - 13:21
User Badges:
  • Cisco Employee,

The 1.2(1) release notes indicate that you can now do server validation when using PEAP (MS-CHAPv2). Will have to enable this though as it's disabled by default. Then of course import the authentication server certs into the 7921G phone. This was an enhancement to the original design a was tracked under CSCsm88078.


http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7921g/firmware/1_2_1/english/release/notes/7921_12.html

Actions

This Discussion