When it is time to renew the PAC, then authenticated in-band PAC provisioning will be used, so ensure that Allow
authenticated in-band PAC provisioning is enabled.
Ensure that the Cisco Unified Wireless IP Phone 7925G, 7925G-EX, and 7926G has connected to the network during the grace
period to ensure it can use its existing PAC created either using the active or retired master key in order to get issued a new
PAC.
Is recommended to only have the staging wireless LAN pointed to the staging ACS server and to disable the staging access
point radios when not being used.
Extensible Authentication Protocol – Transport Layer Security (EAP-TLS)
Extensible Authentication Protocol Transport Layer Security (EAP-TLS) is using the TLS protocol with PKI to secure
communications to the authentication server.
TLS provides a way to use certificates for both user and server authentication and for dynamic session key generation.
Either the internal Manufacturing Installed Certificate (MIC) or a user installed certificate can be used for authentication.
EAP-TLS provides excellent security, but requires client certificate management.
Ensure that Certificate CN Comparison is selected when enabling EAP-TLS.
To Next Page
Loading...
