Extensible Authentication Protocol - Flexible Authentication Via Secure Tunneling (Eap-Fast) - Cisco 8821 Manual

Hide thumbs Also See for 8821:

Administration manual (158 pages)

User manual (116 pages)

Accessory manual (30 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

Table of Contents

Shared Key authentication is not supported.

The Cisco Wireless IP Phone 8821 and 8821-EX also support the following additional security features.

•

Image authentication

•

Device authentication

•

File authentication

•

Signaling authentication

•

Secure Cisco Unified SRST

•

Media encryption (SRTP)

•

Signaling encryption (TLS)

•

Certificate authority proxy function (CAPF)

•

Secure profiles

•

Encrypted configuration files

•

Settings Access (can limit user access to configuration menus)

Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling (EAP-FAST)

Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling (EAP-FAST) encrypts EAP transactions

within a Transport Level Security (TLS) tunnel between the access point and the Remote Authentication Dial-in User Service

(RADIUS) server such as the Cisco Access Control Server (ACS) or Cisco Identity Services Engine (ISE).

The TLS tunnel uses Protected Access Credentials (PACs) for authentication between the client (the Cisco Wireless IP Phone

8821 and 8821-EX) and the RADIUS server. The server sends an Authority ID (AID) to the client, which in turn selects the

appropriate PAC. The client returns a PAC-Opaque to the RADIUS server. The server decrypts the PAC with its master-key.

Both endpoints now have the PAC key and a TLS tunnel is created. EAP-FAST supports automatic PAC provisioning, but it

must enable don the RADIUS server.

To enable EAP-FAST, a certificate must be installed on to the RADIUS server.

The Cisco Wireless IP Phone 8821 and 8821-EX currently support automatic provisioning of the PAC only, so enable Allow

anonymous in-band PAC provisioning on the RADIUS server as shown below.

Both EAP-GTC and EAP-MSCHAPv2 must be enabled when Allow anonymous in-band PAC provisioning is enabled.

EAP-FAST requires that a user account be created on the authentication server.

Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide

Table of Contents

This manual is also suitable for:

8821-ex

Extensible Authentication Protocol - Flexible Authentication Via Secure Tunneling (Eap-Fast) - Cisco 8821 Manual

Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling (EAP-FAST)

Related Manuals for Cisco 8821

Related Content for Cisco 8821

This manual is also suitable for:

Table of Contents