Cisco Support Community
New Member

Is this enough security?

Hello,

I have currently set up a 2106 controller with 1100 series APs; the authentication is done via RADIUS and IAS. The certificate is installed on the domain laptops, and when I connect wirelessly it shows up as WPA2 (PEAP). As I take it, you need the certificate and domain credentials and dial-in access to access the network. Is there anything to worry about with this setup, or is this strong enough security?

Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Is this enough security?

This should suffice for most normal networks. It may not be FIPS compliant but it is pretty stout.

4 REPLIES

New Member

Re: Is this enough security?

Great! Thanks!

New Member

Is this enough security?

"As I take it you need the certificate and the domain credentials.........."

Actually this is incorrect and easy to misunderstand. Authentication with PEAP only requires a server-side certificate. It does not require that a supplicant (laptop/iPad etc.) have a certificate to connect.

All the certificate is there for is so that the supplicant does not connect to a rogue AP. If the supplicant does not wish to validate the server certificate, it WILL be able to connect with just domain user ID and password. The only protection you have from allowing someone to connect to your network using PEAP is whatever form of RADIUS you are using in this case. Server-side certificates DO NOT protect access. An easy test is to use your iPhone to connect and deselect "validate" certificate and just enter your user ID and password and you will connect.

Feel free to contact me if you need more info.

New Member

Is this enough security?

Another way to understand that you do not need a certificate on the laptop is with a Windows system: under the PEAP Properties, uncheck "validate server certificate". You will connect right up.
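An added example, not part of the thread: a small audit that checks whether the PEAP section of a Windows WLAN profile (as exported with `netsh wlan export profile`) still has server certificate validation turned on and pinned. The element names are those of the Windows PEAP profile XML as I know it; the two sample profiles, the server name and the CA hash are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed PEAP section of an exported WLAN profile (not real data).
TEMPLATE = """<EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
  <ServerValidation>
    <DisableUserPromptForServerValidation>{noprompt}</DisableUserPromptForServerValidation>
    <ServerNames>{names}</ServerNames>
    {ca}
  </ServerValidation>
  <PeapExtensions>
    <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">{validate}</PerformServerValidation>
  </PeapExtensions>
</EapType>"""

# "Validate server certificate" unchecked, nothing pinned.
WEAK = TEMPLATE.format(noprompt="false", names="", ca="", validate="false")
# Validation on, RADIUS server name and root CA pinned, no trust prompt for users.
HARDENED = TEMPLATE.format(noprompt="true", names="radius.example.com",
                           ca="<TrustedRootCA>00 11 22 33</TrustedRootCA>",
                           validate="true")


def audit_peap(xml_text):
    """Return a list of findings for the PEAP settings in a profile fragment."""
    values = {}
    for el in ET.fromstring(xml_text).iter():
        name = el.tag.rsplit("}", 1)[-1]          # drop the XML namespace
        values.setdefault(name, []).append((el.text or "").strip())
    if "ServerValidation" not in values:
        return ["no PEAP ServerValidation block found"]
    findings = []
    if values.get("PerformServerValidation", ["true"])[0].lower() != "true":
        findings.append("server certificate validation is disabled")
    if not any(values.get("TrustedRootCA", [])):
        findings.append("no trusted root CA is pinned")
    if not any(values.get("ServerNames", [])):
        findings.append("no RADIUS server name is pinned")
    if values.get("DisableUserPromptForServerValidation", ["false"])[0].lower() != "true":
        findings.append("users can be prompted to trust an unknown server")
    return findings


if __name__ == "__main__":
    for label, profile in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_peap(profile) or "OK")
```

A profile that passes this audit only protects the client from a rogue AP; as the replies above point out, who may join the network is still decided by the RADIUS policy.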
