Cisco AP disable PEAP server certificate validation

Unanswered Question
Jan 6th, 2014

Hi,


My question is whether it is possible on Cisco 1600 APs to disable the server certificate validation on a dot1x PEAP authentication method (please provide the appropriate CLI, if any).

I know that in a PEAP user implementation you want to validate the server, as this is PEAP phase 1.


But we only want to use PEAP as machine authentication, for which I don't care about the validation of the server. In Windows, for example, you have a check box so you can disable the validation.


Thanks in advance,


Kind regards,


Michel

George Stefanick Mon, 01/06/2014 - 05:01
If I understand you correctly, the AP delivers the certificate to the supplicant, and the supplicant then validates the certificate or not. The AP has nothing to do with that process. This is supplicant dependent.


michelbijnsdorp Mon, 01/06/2014 - 05:12

Not really, let me explain the topology:


We want to enable 802.1x on the network switches and let the Cisco AP authenticate itself (PEAP-MSCHAPv2) on the switch via 802.1x. Therefore we specify the following config on the AP:



eap profile PEAP
 method peap
!
dot1x credentials test
 username
 password xxxxxx
!
interface GigabitEthernet0
 dot1x pae supplicant
 dot1x credentials test
 dot1x supplicant eap profile PEAP




The question is: is there a possibility to disable the server certificate validation (as in Windows), because we want to verify the AP, and yes, I know that for a PEAP-user implementation it is good practice to validate the server certificate.


Kind regards,


Michel

George Stefanick Mon, 01/06/2014 - 06:50

Got it ..


I know on the PEAP side of the AP you have to install a cert because the AP validates the certificate, like you are explaining. I don't think you can turn this off. Depending on your solution (ISE), you can use MAB to get around this. Let's see if anyone comes back with anything. I will also check around.


__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
