EAP-TLS with WLC 4404 (Which Layer 2 option do I choose)

Answered Question
Sep 11th, 2008
User Badges:

Hi All,


I want to setup a WLAN that uses EAP-TLS.


WiFi PC <-----> LWAP <------> WLC <----> Radius Server


Under the Layer 2 tab for security on the WLC what option do I use for the following :-


Layer 2 Security (I am assuming WPA+WPA2 as that what the laptops will be using)


Auth Key Mgmt ?



I am a bit confused by the 802.1x in both of these fields, one for Layer two Security and one for Auth Key Mgmt?


Many thx indeed guys,


Ken



Correct Answer by Scott Fella about 8 years 9 months ago

You would choose Layer 2 Security: WPA+WPA2

Then on the WPA+WPA2 Parameters choose WPA2 Policy with WPA2 Encryption. Under Auth Key Mgmt choose 802.1x.


Now if you require the use of WPA Policy, then also choose TKIP for that.


Then for your AAA Server tab choose your radius servers.


That is it.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Scott Fella Thu, 09/11/2008 - 13:12
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

You would choose Layer 2 Security: WPA+WPA2

Then on the WPA+WPA2 Parameters choose WPA2 Policy with WPA2 Encryption. Under Auth Key Mgmt choose 802.1x.


Now if you require the use of WPA Policy, then also choose TKIP for that.


Then for your AAA Server tab choose your radius servers.


That is it.

kfarrington Thu, 09/11/2008 - 23:25
User Badges:

Thx fella :)


I chose 802.1x+cckm for fast roaming. Any caveats to this, as we will be testing 7921 phones on this test WLAN also?


Many thx

Ken

Scott Fella Fri, 09/12/2008 - 03:25
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

It shouldn't be a problem. Here is the 7921 delpoyment guide that you should also look at.


http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7921g/6_0/english/deployment/guide/7921dply.pdf



Scott Fella Fri, 09/12/2008 - 03:40
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Actions

This Discussion

 

 

Trending Topics - Security & Network