Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Enabling PEAP on a 7921 handset

Hi,

Was wondering if some could assist, I have managed to install the root CA certificate on the 7921. In the PEAP enablement process on the 7921 it is mentioned that under the advanced portion of the Network Profile "true" needs to be selected under the validate certificate portion.

I cannot seem to find this on the web interface of my 7921 handset. Please find attached a screenshot.

4 REPLIES
Hall of Fame Super Red

Re: Enabling PEAP on a 7921 handset

Hi Antonio,

From the page you linked in your attached screenshot go to the Certificate Options section, as shown below :)

Configuring PEAP

Protected Extensible Authentication Protocol (PEAP) uses server-side public key certificates to authenticate clients by creating an encrypted SSL/TLS tunnel between the client and the authentication server.

--------------------------------------------------------------------------------

Note The authentication server validation can be enabled by importing the authentication server certificate.

--------------------------------------------------------------------------------

Before You Begin

Before you configure PEAP authentication for the phone, make sure these Cisco Secure ACS requirements are met:

•The ACS root certificate must be installed

•Enable the Allow EAP-MSCHAPv2 setting

•User account and password must be configured

•For password authentication, you can use the local ACS database or an external one (such as Windows or LDAP)

Enabling PEAP Authentication

To enable PEAP authentication on the phone, follow these steps:

Procedure

--------------------------------------------------------------------------------

Step 1 From the phone configuration web page, choose PEAP as the authentication mode. See Configuring the Authentication Mode.

Step 2 Enter a user name and password.

--------------------------------------------------------------------------------

Enabling PEAP (MS-CHAPv2) Server Certificate Authentication

To enable server identity validation, follow these steps:

Procedure

--------------------------------------------------------------------------------

Step 1 From the Network Profile Advance Profile page, choose PEAP as the security mode in the WLAN Security section.

Step 2 In the Certificate Options section, choose True in the Validate Server Certificate subsection. Another window displays with available certificates. The displayed fields are Type, Common Name, Issuer Name, Valid From and Valid To. You can install, export, or import certificates as required. If you are importing a certificate to the phone, you can browse the server for the file.

Step 3 If you choose EAP-TLS authentication, the User Certificate Installation page displays. You only have to enter the Common Name field in the first step to use EAP-TLS. There are four steps to complete the EAP-TLS User Certificate Installation. Click Submit when done.

http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7921g/7_0/english/administration/guide/7921cfgu.html#wp1407513

Hope this helps!

Rob

New Member

Re: Enabling PEAP on a 7921 handset

hi Rob,

Thanks for the reply.

To clarify I have uploaded the Root CA certificate.

The bit I am struggling with is this below:

"Step 2 In the Certificate Options section, choose True in the Validate Server Certificate subsection. Another window displays with available certificates. The displayed fields are Type, Common Name, Issuer Name, Valid From and Valid To. You can install, export, or import certificates as required. If you are importing a certificate to the phone, you can browse the server for the file. "

In the Network Profile Advance Profile, I dont see a "certificate options" section. I have attached a screenshot of a screenpaste of the Advanced Prfile section in my initial post.

Thanks

Hall of Fame Super Red

Re: Enabling PEAP on a 7921 handset

Hi Antonio,

Isn't it just further down the page under "Certificates" (fron screenshot)?

Rob

New Member

Re: Enabling PEAP on a 7921 handset

Hi rob,

If you click on certificates you get access to upload certificates. What I dont see is how you bind the root CA certificate to the PEAP enabled network profile.

See attached screenshot

277
Views
0
Helpful
4
Replies