Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1004
Views
0
Helpful
3
Replies

cisco AP disable PEAP server certificate validation

michelbijnsdorp
Level 1
Level 1

‎01-06-2014 04:45 AM - edited ‎03-10-2019 09:14 PM

Hi,

My question if it is possible on Cisco 1600 AP's  to  disable the server certificate validation on a dot1x peap authentication method (please provide if any the appropiate CLI)

I now the in PEAP for a PEAP user implementation you want to validate the the server as that this is PEAP phase 1.

But we want only user PEAP as machine authentication, which I don't care the validation of the server. hence like in Windows you have a check box, so you can disable the validation of it.

Thanks in advance,

Kind regards,

Michel

Labels:
0 Helpful
3 Replies 3

George Stefanick
VIP Alumni
VIP Alumni

‎01-06-2014 05:01 AM

If I understand you correctly. The ap delivers the certificate to the supplicant the supplicant then validates or not the certificate. The ap has nothing to do with that process. This is supplicant dependent ..

Sent from Cisco Technical Support iPhone App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful

michelbijnsdorp
Level 1
Level 1
In response to George Stefanick

‎01-06-2014 05:12 AM

Not really, let me explain the toplogy;

we want to enable 802.1x on the network switches and let the Cisco AP authenticate the AP (PEAP-MSCHAPv2) on the switch via 802.1x. Therefore we specify the following config on the AP:

eap profile PEAP

method peap

!

dot1x credentials test

username

password xxxxxx

!

interface GigabitEthernet0

dot1x pae supplicant

dot1x credentials test

dot1x supplicant eap profile PEAP

The question is the a possebility to disable the server certificate validation (as like in Windows) because we want to verify the AP, and yes I know for PEAP-user implementation it is a good practise to validate the server certificate.

Kind regards,

Michel

0 Helpful

George Stefanick
VIP Alumni
VIP Alumni
In response to michelbijnsdorp

‎01-06-2014 06:50 AM

Got it ..

I know on the PEAP side of the AP you have to install a cert becuase the AP vaildates the certificate, like you are explaining. I dont think you can turn this off. Depending on your solution; ISE you can use MAB to get around this. Lets see if anyone comes back with anything. I will also check around ..

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents