Cisco Cisco DX70 Design Guide
Cisco DX Series Wireless LAN Deployment Guide
109
Note: CCKM will be negotiated if enabled on the access point when using EAP-FAST, EAP-TLS or PEAP.
WEP128 is listed as WEP104 on the Cisco Unified Wireless LAN Controllers.
Shared Key authentication and 802.1x + Dynamic WEP are not supported.
The Cisco DX Series can remember up to 8 wireless LANs profiles.
If unable to add a network, check to see if the max number of wireless LAN profiles has been met already, where one of those
wireless LAN profiles may need to be deleted manually in order to add a new network.
For more information, refer to the Cisco DX Series Administration Guide at this URL:
http://www.cisco.com/c/en/us/support/collaboration-endpoints/desktop-collaboration-experience-dx600-series/products-
maintenance-guides-list.html
maintenance-guides-list.html
Installing Certificates
The Cisco DX Series supports X.509 digital certificates, which can be utilized with EAP-TLS or for authentication server
validation when using PEAP.
Extensible Authentication Protocol - Transport Layer Security (EAP-TLS) is using the TLS protocol with PKI to secure
communications to the authentication server.
TLS provides a way to use certificates for both user and server authentication and for dynamic session key generation.
EAP-TLS provides excellent security, but requires client certificate management.
Microsoft® Certificate Authority (CA) servers are recommended as we have certified interoperability only with those CA types.
Other CA server types may not be completely interoperable with the Cisco DX Series.
validation when using PEAP.
Extensible Authentication Protocol - Transport Layer Security (EAP-TLS) is using the TLS protocol with PKI to secure
communications to the authentication server.
TLS provides a way to use certificates for both user and server authentication and for dynamic session key generation.
EAP-TLS provides excellent security, but requires client certificate management.
Microsoft® Certificate Authority (CA) servers are recommended as we have certified interoperability only with those CA types.
Other CA server types may not be completely interoperable with the Cisco DX Series.
Both DER and Base-64 (PEM) encoding are acceptable for the client and server certificates.
Certificates with a key size of 1024, 2048, and 4096 are supported.
Ensure the client and server certificates are signed using either the SHA-1 or SHA-2 algorithm, as the SHA-3 signature
algorithms are not supported.
Ensure Client Authentication is listed in the Enhanced Key Usage section of the user certificate details.
Certificates with a key size of 1024, 2048, and 4096 are supported.
Ensure the client and server certificates are signed using either the SHA-1 or SHA-2 algorithm, as the SHA-3 signature
algorithms are not supported.
Ensure Client Authentication is listed in the Enhanced Key Usage section of the user certificate details.