Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

EAP-TLS with WLC 4404 (Which Layer 2 option do I choose)

Hi All,

I want to setup a WLAN that uses EAP-TLS.

WiFi PC <-----> LWAP <------> WLC <----> Radius Server

Under the Layer 2 tab for security on the WLC what option do I use for the following :-

Layer 2 Security (I am assuming WPA+WPA2 as that what the laptops will be using)

Auth Key Mgmt ?

I am a bit confused by the 802.1x in both of these fields, one for Layer two Security and one for Auth Key Mgmt?

Many thx indeed guys,

Ken

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Re: EAP-TLS with WLC 4404 (Which Layer 2 option do I choose)

You would choose Layer 2 Security: WPA+WPA2

Then on the WPA+WPA2 Parameters choose WPA2 Policy with WPA2 Encryption. Under Auth Key Mgmt choose 802.1x.

Now if you require the use of WPA Policy, then also choose TKIP for that.

Then for your AAA Server tab choose your radius servers.

That is it.

-Scott
*** Please rate helpful posts ***
5 REPLIES
Hall of Fame Super Silver

Re: EAP-TLS with WLC 4404 (Which Layer 2 option do I choose)

You would choose Layer 2 Security: WPA+WPA2

Then on the WPA+WPA2 Parameters choose WPA2 Policy with WPA2 Encryption. Under Auth Key Mgmt choose 802.1x.

Now if you require the use of WPA Policy, then also choose TKIP for that.

Then for your AAA Server tab choose your radius servers.

That is it.

-Scott
*** Please rate helpful posts ***
New Member

Re: EAP-TLS with WLC 4404 (Which Layer 2 option do I choose)

Thx fella :)

I chose 802.1x+cckm for fast roaming. Any caveats to this, as we will be testing 7921 phones on this test WLAN also?

Many thx

Ken

Hall of Fame Super Silver

Re: EAP-TLS with WLC 4404 (Which Layer 2 option do I choose)

It shouldn't be a problem. Here is the 7921 delpoyment guide that you should also look at.

http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7921g/6_0/english/deployment/guide/7921dply.pdf

-Scott
*** Please rate helpful posts ***
New Member

Re: EAP-TLS with WLC 4404 (Which Layer 2 option do I choose)

Thx very much mate :)

Hall of Fame Super Silver

Re: EAP-TLS with WLC 4404 (Which Layer 2 option do I choose)

Not a problem... with 1.2(1) you can validate the server certificate.

http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7921g/firmware/1_2_1/english/release/notes/7921_12.html#wp213768

-Scott
*** Please rate helpful posts ***
339
Views
0
Helpful
5
Replies
CreatePlease to create content