04-02-2008 01:13 AM - edited 07-03-2021 03:38 PM
Why do you need to configure WEP as data encryption when using EAP-TLS?
"Ensure that Data Encryption is set to WEP"
Can't you use WPA2?
Regards,
Remco
04-02-2008 02:54 PM
What device do you have? WPA or WPA2 is usually the choice, not WEP. Here is a link to EAP-TLS for a WLC.
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00807917a6.shtml#t19
04-02-2008 05:17 PM
Remco,
If you want to use EAP-TLS as the authentication and WEP as the encryption, you need to set the following on a WLAN on the controller.
Under Security ---> Layer 2 in a WLAN, select "Layer 2 Security" as 802.1x and set the "802.1X Parameters" to WEP with the key length you want. Your ACS server should be configured to do EAP-TLS. The client should also be configured appropriately.
--
Pushkar
04-03-2008 06:11 AM
What I want is this:
A secure wireless network (already did PEAP MS-CHAP v2, but want to try EAP-TLS).
What do I have to do to configure EAP-TLS?
Users must have a user certificate and the computers need a computer certificate. IAS Server needs a server certificate.
I want to use WPA/WPA2 enterprise with AES encryption...
In all the documents you can see that the client is configured with WEP...
Regards
Remco
04-03-2008 11:40 PM
Remco,
1. What do I have to do to configure EAP-TLS?
In order to configure EAP-TLS, the only configuration on the WLC is selection of 802.1x on the Layer 2 Security screen.
2. Users must have a user certificate and the computers need a computer certificate. IAS Server needs a server certificate.
Your RADIUS server needs to have a certificate, and this needs to be added on each client to the list of trusted certificates. There is no configuration required on the controller side for this.
3. I want to use WPA/WPA2 enterprise with AES encryption. In all the documents you can see that the client is configured with WEP.
By default, if you choose 802.1x on the Layer 2 security, WEP is used as the encryption. You have to understand these are two different things: one is encryption (TKIP/AES) and the other is authentication (802.1x). So if you want to use WPA2 with EAP-TLS, you need to select WPA1+WPA2 as the Layer 2 Security and then, on the same screen under "Auth Key Mgmt", select 802.1x.
Let me know if this answers your question.
--
Pushkar
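The reply above separates encryption (TKIP/AES) from authentication (802.1x). As an added example that is not part of the thread, the Python below parses the RSN information element a WPA2 WLAN advertises in its beacons and checks that the pairwise cipher is CCMP (AES) and the key management is 802.1X. The function names and the two sample elements are constructed for illustration.

```python
import struct

RSN_OUI = bytes.fromhex("000fac")           # IEEE 802.11 suite OUI
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}

def _suite(buf, off, names):
    """Decode one 4-byte suite selector (3-byte OUI + 1-byte type)."""
    if off + 4 > len(buf):
        raise ValueError("truncated suite selector")
    oui, typ = buf[off:off + 3], buf[off + 3]
    if oui != RSN_OUI:
        return f"vendor({oui.hex()}:{typ})"
    return names.get(typ, f"unknown({typ})")

def _suite_list(buf, off, names):
    """Decode a little-endian 2-byte count followed by that many selectors."""
    if off + 2 > len(buf):
        raise ValueError("truncated suite count")
    (count,) = struct.unpack_from("<H", buf, off)
    off += 2
    return [_suite(buf, off + 4 * i, names) for i in range(count)], off + 4 * count

def parse_rsn_ie(ie: bytes) -> dict:
    """Parse an RSN element (ID 48), header included, into its suite lists."""
    if len(ie) < 4 or ie[0] != 48 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body = ie[2:]
    (version,) = struct.unpack_from("<H", body, 0)
    group = _suite(body, 2, CIPHERS)
    pairwise, off = _suite_list(body, 6, CIPHERS)
    akm, _ = _suite_list(body, off, AKMS)
    return {"version": version, "group": group, "pairwise": pairwise, "akm": akm}

def is_wpa2_enterprise_aes(rsn: dict) -> bool:
    """Authentication must be 802.1X only and pairwise encryption CCMP (AES) only."""
    return rsn["akm"] == ["802.1X"] and rsn["pairwise"] == ["CCMP"]

# Constructed sample elements (not captured from any real network).
ENTERPRISE_AES = bytes.fromhex("30140100000fac040100000fac040100000fac010000")
PSK_MIXED = bytes.fromhex("30180100000fac020200000fac04000fac020100000fac020000")

if __name__ == "__main__":
    for name, ie in (("enterprise", ENTERPRISE_AES), ("psk-mixed", PSK_MIXED)):
        rsn = parse_rsn_ie(ie)
        print(name, rsn, "OK" if is_wpa2_enterprise_aes(rsn) else "REVIEW")
```

A WLAN left at 802.1X with WEP advertises no RSN element at all, so a missing element 48 on a protected SSID is itself the sign that the Layer 2 Security setting was not changed to WPA2.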