Cisco Cisco Aironet 350 Access Points 기술 매뉴얼
Introduction
This document provides a sample configuration for Extensible Authentication Protocol−Transport Layer
Security (EAP−TLS) Version 1.01.
Security (EAP−TLS) Version 1.01.
Note: This document assumes that you use Microsoft Certificate Authority (CA). While you can use a
self−signed certificate, Cisco highly discourages this practice, and this document does not cover self−signed
certificates. The default expiration period of the self−signed certificates is only one year, and you cannot
change this setting. This is fairly standard for server certificates. However, the self−signed certificate also acts
as the root CA certificate. Therefore, you need to install the new certificate on every client every year unless
you do not check the Validate Server Certificate option. A real CA must be available to obtain the client
certificates anyway, and so, there is really no reason to employ self−signed certificates with EAP−TLS.
self−signed certificate, Cisco highly discourages this practice, and this document does not cover self−signed
certificates. The default expiration period of the self−signed certificates is only one year, and you cannot
change this setting. This is fairly standard for server certificates. However, the self−signed certificate also acts
as the root CA certificate. Therefore, you need to install the new certificate on every client every year unless
you do not check the Validate Server Certificate option. A real CA must be available to obtain the client
certificates anyway, and so, there is really no reason to employ self−signed certificates with EAP−TLS.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
The information in this document is based on these software and hardware versions:
Access Point (AP) 12.02T1
•
Access Control Server (ACS) 3.1, 3.2, and 3.3
•
Windows 2000 and XP
•
Enterprise Root Certificate Authority (CA)
•
The information in this document was created from the devices in a specific lab environment. All of the
devices used in this document started with a cleared (default) configuration. If your network is live, make sure
that you understand the potential impact of any command.
devices used in this document started with a cleared (default) configuration. If your network is live, make sure
that you understand the potential impact of any command.
Conventions
Refer to the Cisco Technical Tips Conventions for more information on document conventions.
Configure
In this section, you are presented with the information to configure the features described in this document.
Note: Use the Command Lookup Tool (registered customers only) to obtain more information on the
commands used in this section.
commands used in this section.
Install the Microsoft Certificate (CA) Server
Complete these steps:
Choose Start > Settings > Control Panel.
1.
Click Add/Remove Programs in the Control Panel.
2.
Select Add/Remove Windows Components.
3.
Select Certificate Services.
4.