Description:

This document describes some preliminary steps that are required before you use EAP-TLS certificates with LANCOM WLAN controllers.

One possible application made feasible by using EAP-TLS certificates in WLCs is the implementation of certificate-based WLAN connections according to IEEE 802.1X.

Note:
Without the settings described in the following, the EAP-TLS certificate uploaded to the WLAN controller will be overwritten by a certificate created by the WLC every time the device reboots.


Requirements:


Procedure:

1) Before you upload an EAP-TLS certificate to a LANCOM WLC, you must first open the configuration of the WLC in LANconfig and, in the menu Certificates -> SCEP client, click the Certificate table button and delete the RADIUS certificate listed there.



2) Write the modified configuration back to the LANCOM WLC.

3) With the mouse cursor, right-click on the LANCOM WLC and select the option Configuration management -> Upload a certificate or file....



4) Set the path to the EAP-TLS certificate file and choose the following parameters:
  • File type: Certificate files
  • Certificate type: EAP-TLS - container as PKCS#12 file
  • Password: Here you enter a password to protect the certificate file.

5) To check whether the uploaded EAP-TLS certificate is actually being used, you can open a Telnet or SSH session to the LANCOM WLC and enter the command show eap at the command prompt.