07-15-2013 08:59 AM - edited 07-04-2021 12:25 AM
Hi,
have you any experience about deploying self signed certificate for WLC?
07-15-2013 10:03 AM
What do you really mean? The WLC has a self signed certificate already and you always can regenerate that certificate. It will not generate a self signed for other devices.
Sent from Cisco Technical Support iPhone App
07-16-2013 06:59 AM
I mean that I want to trust my laptop
07-16-2013 07:07 AM
You would need a CA to do that. The WLC will only generate a certificate for itself, not for end devices.
what exactly are you looking to do?
HTH,
Steve
------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
07-16-2013 08:14 AM
Hi Steve,
I'm looking after a way to solve the problem of repetitive re-authentication by using Certificate (delivred by my company) and with using also either EAP-TLS or EAP-PEAP or both.
PS: I want that with the corporate's asset the emplyee hasn't to authenticate himself each time he want access to wireless
Regards,
07-16-2013 08:22 AM
That is easily doable via either EAP-TLS or PEAP. With TLS you need to have a PKI infrastructure in place already, and you would issue certificates to the machines and possibly to the users. Though you can just do machine authentication to get the laptop connected, then the user credentials will pass to your AD server to allow the user to logon.
Or you can do PEAP. By default WZC will use the logon credentials to the laptop. So, if the machine is a corporate device, when they logon to it, WZC will send those credentials to your AAA server, if they are valid user gets on. And as the credentials are cached on the laptop, the user shouldn't need to provide them, though hiccups do happen.
So from the WLC perspective you set the WLAN to be WPA2/AES/802.1x. Define the AAA server, and test.
http://www.cisco.com/en/US/products/ps10315/products_configuration_example09186a0080bfb19a.shtml
HTH,
Steve
------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
07-15-2013 03:35 PM
Hello Sali,
As per your query i can suggest you the following solution-
Complete these steps from the CLI:
The command is config auth-list ap-policy ssc enable.
(Cisco Controller) >config auth-list ap-policy ssc enable
The command is config auth-list add ssc AP_MAC AP_key.
(Cisco Controller) >config auth-list add ssc 00:0e:84:32:04:f0
9e4ddd8dfcdd8458ba7b273fc37284b31a384eb9
For more information please refer to the link-
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00806a426c.shtml
Hope this will help you.
07-16-2013 08:22 PM
Hello,
Please take a look at this short cisco doc. Hope it helps.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide