Is current WLC 5500 Device Certificate required for EAP-TLS to work?

In the document below I see that a WLC device certificate is to be installed on the Cisco WLC as part of the overall process of getting EAP working. If the device certificate expires, what would be the impact on any configured EAP-TLS? PEAP? It seems like I've read elsewhere that the certificates that mattered for EAP-TLS were on the wireless client and at the RADIUS server.

You can view the device certificate via WLC GUI at Security/IPSec Certs/ID Certs.

http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/100590-ldap-eapfast-config.html

Asked by amigan_99 (Network Engineer)

Craig Beck commented:
You only need a certificate on the WLC if you're doing local EAP or web-auth.

To process EAP-style authentication with RADIUS it's not necessary to have a certificate on the WLC; only on the RADIUS server. Depending on the type of EAP authentication used you may also need a certificate on the client too.
 
amigan_99 (Network Engineer, author) commented:
That explains exactly what I saw among a group of WLCs - some with expired certs and some not. And it turns out the ones with good certs were doing EAP-TLS but with local EAP. Thank you very much for clarifying this!

Question has a verified solution.