Cisco Wireless LAN Controller Configuration Guide
OL-17037-01
Chapter 5 Configuring Security Solutions
Configuring Local EAP
Note: If you check the PEAP check box, both PEAPv0/MSCHAPv2 and PEAPv1/GTC are enabled on the controller.
f. If you chose EAP-FAST and want the device certificate on the controller to be used for authentication, check the Local Certificate Required check box. If you want to use EAP-FAST with PACs instead of certificates, leave this check box unchecked, which is the default setting.
Note: This option applies only to EAP-FAST because device certificates are not used with LEAP and are mandatory for EAP-TLS and PEAP.
g. If you chose EAP-FAST and want the wireless clients to send their device certificates to the controller in order to authenticate, check the Client Certificate Required check box. If you want to use EAP-FAST with PACs instead of certificates, leave this check box unchecked, which is the default setting.
Note: This option applies only to EAP-FAST because client certificates are not used with LEAP or PEAP and are mandatory for EAP-TLS.
h. If you chose EAP-FAST with certificates, EAP-TLS, or PEAP, choose which certificates will be sent to the client, the ones from Cisco or the ones from another Vendor, from the Certificate Issuer drop-down box. The default setting is Cisco.
i. If you chose EAP-FAST with certificates or EAP-TLS and want the incoming certificate from the client to be validated against the CA certificates on the controller, check the Check Against CA Certificates check box. The default setting is enabled.
j. If you chose EAP-FAST with certificates or EAP-TLS and want the common name (CN) in the incoming certificate to be validated against the CA certificates’ CN on the controller, check the Verify Certificate CN Identity check box. The default setting is disabled.
k. If you chose EAP-FAST with certificates or EAP-TLS and want the controller to verify that the incoming device certificate is still valid and has not expired, check the Check Certificate Date Validity check box. The default setting is enabled.
l. Click Apply to commit your changes.
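The applicability rules and defaults in steps f through k can be checked offline against a recorded profile. The following is an added example, not part of the Cisco guide or controller software: the field names, finding codes, and severity labels are hypothetical, the sample profiles are constructed, and "EAP-FAST with certificates" is assumed to mean EAP-FAST with either certificate check box checked.

```python
from dataclasses import dataclass

@dataclass
class LocalEapProfile:
    # Hypothetical field names mirroring the GUI check boxes.
    # Default values are the defaults stated in steps f through k.
    name: str
    methods: frozenset                  # subset of {"LEAP", "EAP-FAST", "EAP-TLS", "PEAP"}
    local_cert_required: bool = False   # step f
    client_cert_required: bool = False  # step g
    cert_issuer: str = "Cisco"          # step h
    check_against_ca: bool = True       # step i
    verify_cn_identity: bool = False    # step j
    check_date_validity: bool = True    # step k

def audit(p):
    """Return a list of (severity, code) findings for one profile."""
    out = []
    fast = "EAP-FAST" in p.methods
    fast_certs = fast and (p.local_cert_required or p.client_cert_required)
    # Steps f and g: the certificate-required boxes apply only to EAP-FAST.
    if not fast and (p.local_cert_required or p.client_cert_required):
        out.append(("info", "cert-required-ignored"))
    if fast and not fast_certs:
        out.append(("info", "eap-fast-uses-pacs"))
    if p.cert_issuer not in ("Cisco", "Vendor"):
        out.append(("error", "unknown-cert-issuer"))
    # Steps i to k apply to EAP-FAST with certificates or EAP-TLS.
    if fast_certs or "EAP-TLS" in p.methods:
        if not p.check_against_ca:
            out.append(("high", "ca-check-disabled"))
        if not p.check_date_validity:
            out.append(("high", "date-validity-check-disabled"))
        if not p.verify_cn_identity:
            out.append(("low", "cn-identity-not-verified"))
    return out

# Constructed sample profiles, not taken from a real controller.
SAMPLES = [
    LocalEapProfile("tls-default", frozenset({"EAP-TLS"})),
    LocalEapProfile("tls-weak", frozenset({"EAP-TLS"}), check_against_ca=False,
                    check_date_validity=False, verify_cn_identity=True),
    LocalEapProfile("fast-pac", frozenset({"EAP-FAST"})),
    LocalEapProfile("peap-odd", frozenset({"PEAP"}), client_cert_required=True),
]

if __name__ == "__main__":
    for prof in SAMPLES:
        print(prof.name, audit(prof))
```

An EAP-TLS profile left at the defaults still yields the low-severity CN finding, because Verify Certificate CN Identity is disabled by default.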
Step 7
If you created an EAP-FAST profile, follow these steps to configure the EAP-FAST parameters:
a. Click Security > Local EAP > EAP-FAST Parameters to open the EAP-FAST Method Parameters page (see