Manuals+

Cisco Catalyst 9800 Series: Locally Significant Certificates

This document provides detailed instructions for configuring Locally Significant Certificates (LSC) on Cisco Catalyst 9800 Series Wireless Controllers and Access Points. LSC enhances network security by allowing organizations to manage their own Public Key Infrastructure (PKI), providing greater control over certificate policies and authentication.

Understanding Locally Significant Certificates (LSC)

Locally Significant Certificates (LSC) enable the use of a private Certificate Authority (CA) for generating and managing certificates for Cisco Catalyst 9800 Series Wireless Controllers and Lightweight Access Points (LAPs). This approach offers enhanced security by allowing custom policies, restrictions, and usages for certificates, ensuring mutual authentication between controllers and APs.

The configuration process involves provisioning LSC certificates on the controller and then on the LAPs. Communication between LAPs and the controller utilizes the CAPWAP protocol. Certificate signing requests are initiated from the controller, which then forwards them to the CA server using the Simple Certificate Enrollment Protocol (SCEP).

Key Configuration Steps

  • Controller Configuration: Setting up PKI trustpoints, generating RSA key pairs, and enrolling certificates with the CA server.
  • Access Point Provisioning: Configuring APs to use LSC, including setting join attempts, key sizes, and subject name parameters.
  • Security Enhancements: Understanding restrictions related to FIPS mode, ECDSA cipher usage, and the importance of CA server support for protocols like EST.
  • Verification: Using CLI commands to verify LSC configuration status, trustpoint details, and AP authorization.
  • Fallback Mechanisms: Information on LSC fallback access points and troubleshooting steps when APs fail to join using LSC.

Benefits of LSC

  • Enhanced security through custom PKI management.
  • Improved control over certificate lifecycle and policies.
  • Secure mutual authentication between network devices.
  • Compliance with specific security standards and requirements.
Models: Catalyst 9800 Series Wireless Controller Software, Catalyst 9800 Series, Wireless Controller Software, Controller Software, Software

File Info : application/pdf, 30 Pages, 1.24MB

PDF preview unavailable. Download the PDF instead.

m locally significant certificates

References

DITA Open Toolkit XEP 4.30.961; modified using iText 2.1.7 by 1T3XT

Related Documents

Preview Cisco Wireless Mobility and Roaming Configuration Guide
A comprehensive guide to understanding and configuring mobility features, including intracontroller, intercontroller, and SDA roaming, on Cisco wireless controllers.
Preview Cisco Wireless Network Solution Guide
A comprehensive guide to Cisco's wireless network solutions, covering architecture, RF planning, security, mobility, and more. This document focuses on the Cisco wireless on-premises solution managed by Cisco DNA Center, highlighting its secure, scalable, and cost-effective approach to enterprise mobility.
Preview Cisco 802.11r BSS Fast Transition: Configuration Guide for Catalyst 9800 Wireless Controllers
Learn about IEEE 802.11r BSS Fast Transition for faster Wi-Fi roaming. This guide details configuration steps for Cisco Catalyst 9800 Series Wireless Controllers using CLI and GUI, covering Cisco IOS XE Amsterdam.
Preview Connecting Cisco Catalyst Access Points to the Catalyst 9800 WLC with -ROW Domain
A guide on how to connect and join Cisco Catalyst Access Points of the -ROW (Rest Of World) domain to the Wireless LAN Controller (WLC), covering configuration and troubleshooting.
Preview Cisco FlexConnect Bonjour Deployment Guide for Cisco DNA Service
A comprehensive guide detailing the deployment of Cisco DNA Service for Bonjour with Cisco FlexConnect wireless networks, enabling seamless service discovery and distribution across wired and wireless environments.
Preview Cisco Catalyst 9800 Series Wireless Controller Software Configuration Guide
This guide provides comprehensive instructions for configuring the Cisco Catalyst 9800 Series Wireless Controller with Cisco IOS XE Gibraltar 16.10.x software. It covers various aspects of wireless network setup, including basic configuration, advanced features, security, and troubleshooting.
Preview Cisco Catalyst 9136 Series Access Points Deployment Guide
A comprehensive deployment guide for Cisco Catalyst 9136 Series Access Points, covering Wi-Fi 6E technology, hexa-radio architecture, installation, configuration, and advanced features like IoT integration and AI/ML-driven scanning.
Preview Cisco Catalyst 9136 Series APs: Configuring Client Limit
This document provides instructions on how to configure client limits on Cisco Catalyst 9136 Series Access Points (APs) using both GUI and CLI methods. It covers setting limits per WLAN, per AP, and per radio, along with verification steps.