Name: Cisco 2100 Series
Brand: Cisco
Rating: 5 (1 reviews)

To Next Page

To Previous Page

5-47

Cisco Wireless LAN Controller Configuration Guide

OL-17037-01

Chapter 5 Configuring Security Solutions

Configuring Local EAP

Note To delete a local EAP profile, enter this command: config local-auth eap-profile delete

profile_name.

Step 7 To add an EAP method to a local EAP profile, enter this command:

config local-auth eap-profile method add method profile_name

The supported methods are leap, fast, tls, and peap.

Note If you choose peap, both PEAPv0/MSCHAPv2 or PEAPv1/GTC are enabled on the controller.

Note You can specify more than one EAP type per profile. However, if you create a profile with

multiple EAP types that use certificates (such as EAP-FAST with certificates, EAP-TLS,

PEAPv0/MSCHAPv2, and PEAPv1/GTC), all of the EAP types must use the same certificate

(from either Cisco or another vendor).

Note To delete an EAP method from a local EAP profile, enter this command: config local-auth

eap-profile method delete method profile_name.

Step 8 To configure EAP-FAST parameters if you created an EAP-FAST profile, enter this command:

config local-auth method fast ?

where ? is one of the following:

• anon-prov {enable | disable}—Configures the controller to allow anonymous provisioning, which

allows PACs to be sent automatically to clients that do not have one during PAC provisioning.

• authority-id auth_id—Specifies the authority identifier of the local EAP-FAST server.

• pac-ttl days—Specifies the number of days for the PAC to remain viable.

• server-key key—Specifies the server key used to encrypt and decrypt PACs.

Step 9 To configure certificate parameters per profile, enter these commands:

• config local-auth eap-profile method fast local-cert {enable | disable} profile_name—

Specifies whether the device certificate on the controller is required for authentication.

Note This command applies only to EAP-FAST because device certificates are not used with

LEAP and are mandatory for EAP-TLS and PEAP.

• config local-auth eap-profile method fast client-cert {enable | disable} profile_name—

Specifies whether wireless clients are required to send their device certificates to the controller in

order to authenticate.

Note This command applies only to EAP-FAST because client certificates are not used with

LEAP or PEAP and are mandatory for EAP-TLS.

Cisco 2100 Series Configuration Guide

Other manuals for Cisco 2100 Series