Enabling PEAP on a 7921 handset


Hi,


Was wondering if someone could assist. I have managed to install the root CA certificate on the 7921. In the PEAP enablement process on the 7921, it is mentioned that under the advanced portion of the Network Profile, "true" needs to be selected under the validate certificate portion.


I cannot seem to find this on the web interface of my 7921 handset. Please find attached a screenshot.





Rob Huffman Thu, 03/12/2009 - 06:20

Hi Antonio,


From the page you linked in your attached screenshot go to the Certificate Options section, as shown below :)


Configuring PEAP

Protected Extensible Authentication Protocol (PEAP) uses server-side public key certificates to authenticate clients by creating an encrypted SSL/TLS tunnel between the client and the authentication server.




--------------------------------------------------------------------------------


Note: The authentication server validation can be enabled by importing the authentication server certificate.



--------------------------------------------------------------------------------


Before You Begin

Before you configure PEAP authentication for the phone, make sure these Cisco Secure ACS requirements are met:


  • The ACS root certificate must be installed
  • Enable the Allow EAP-MSCHAPv2 setting
  • User account and password must be configured
  • For password authentication, you can use the local ACS database or an external one (such as Windows or LDAP)


Enabling PEAP Authentication

To enable PEAP authentication on the phone, follow these steps:


Procedure



--------------------------------------------------------------------------------


Step 1 From the phone configuration web page, choose PEAP as the authentication mode. See Configuring the Authentication Mode.


Step 2 Enter a user name and password.



--------------------------------------------------------------------------------


Enabling PEAP (MS-CHAPv2) Server Certificate Authentication

To enable server identity validation, follow these steps:


Procedure



--------------------------------------------------------------------------------


Step 1 From the Network Profile Advance Profile page, choose PEAP as the security mode in the WLAN Security section.


Step 2 In the Certificate Options section, choose True in the Validate Server Certificate subsection. Another window displays with available certificates. The displayed fields are Type, Common Name, Issuer Name, Valid From and Valid To. You can install, export, or import certificates as required. If you are importing a certificate to the phone, you can browse the server for the file.


Step 3 If you choose EAP-TLS authentication, the User Certificate Installation page displays. You only have to enter the Common Name field in the first step to use EAP-TLS. There are four steps to complete the EAP-TLS User Certificate Installation. Click Submit when done.



http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7921g/7_0/english/administration/guide/7921cfgu.html#wp1407513



Hope this helps!

Rob

Hi Rob,


Thanks for the reply.


To clarify, I have uploaded the Root CA certificate.

The bit I am struggling with is this below:

"Step 2 In the Certificate Options section, choose True in the Validate Server Certificate subsection. Another window displays with available certificates. The displayed fields are Type, Common Name, Issuer Name, Valid From and Valid To. You can install, export, or import certificates as required. If you are importing a certificate to the phone, you can browse the server for the file. "


In the Network Profile Advance Profile, I don't see a "certificate options" section. I have attached a screenshot of a screenpaste of the Advanced Profile section in my initial post.


Thanks



Rob Huffman Thu, 03/12/2009 - 07:41

Hi Antonio,


Isn't it just further down the page under "Certificates" (from screenshot)?


Rob
