4-24
Cisco Unified Wireless IP Phone 7921G Administration Guide for Cisco Unified Communications Manager Release 7.0
OL-15985-01
Chapter 4 Using the Cisco Unified Wireless IP Phone 7921G Web Pages
Configuring Network Profiles
Step 3
On the ACS Certification Authority Setup page, add the Manufacturing Root Certificate and
Manufacturing CA Certificate to the ACS server.
Step 4
Enable both the Manufacturing Root Certificate and Manufacturing CA Certificate in the ACS
Certificate Trust List.
Configuring PEAP
Protected Extensible Authentication Protocol (PEAP) uses server-side public key certificates to
authenticate clients by creating an encrypted SSL/TLS tunnel between the client and the authentication
server.
Note
The authentication server validation can be enabled by importing the authentication server certificate.
Before You Begin
Before you configure PEAP authentication for the phone, make sure these Cisco Secure ACS
requirements are met:
•
The ACS root certificate must be installed
•
Enable the Allow EAP-MSCHAPv2 setting
•
User account and password must be configured
•
For password authentication, you can use the local ACS database or an external one (such as
Windows or LDAP)
Enabling PEAP Authentication
To enable PEAP authentication on the phone, follow these steps:
Procedure
Step 1
From the phone configuration web page, choose PEAP as the authentication mode. See
Configuring the
Authentication Mode, page 4-15
.
Step 2
Enter a user name and password.
Enabling PEAP (MS-CHAPv2) Server Certificate Authentication
To enable server identity validation, follow these steps:
Procedure
Step 1
From the Network Profile Advance Profile page, choose PEAP as the security mode in the WLAN
Security section.