Cisco Systems CGR1120K9 manual EAP-TLS and EAP-TTLS Authentication Methods

Page 19

Configuring the Module

EAP-TLS and EAP-TTLS Authentication Methods

To set up a username and password for the Pairwise Key Management (PKM) of a CGR 1000, the WiMAX module must be installed and running. CGR 1000s that ship with a pre-installed WIMAX module will have a pre-installed WiMAX configuration.

You can configure your WiMAX interface for one of the following authentication methods:

No Authentication (Open)

EAP-TLS Authentication

The WiMAX interface uses trustpoints in the following manner. A certificate-based mutual authentication is mandatory. The WiMAX module needs both of the following for authentication:

A server-root-ca CA certificate authority trustpoint containing the CA certificate that signs the certificate being used on the AAA/RADIUS server.

A device trustpoint for the WIMAX module. The modem on the WiMAX module has an embedded Airspan-signed device certificate that the supplicant can automatically use as the device trustpoint for authentication. If users do not want to use this certificate, they must import and specify a device trustpoint using the imported device certificate.

To configure EAP-TLS to use a user-defined WIMAX device certificate:

Router(config-if)# shutdown

Router(config-if)# pkm version pkm-v2

Router(config-if)#pkm trustpoint device actual_device_trustpoint_label

Router(config-if)#pkm trustpoint server-root-ca actual_ca_trustpoint_label

Router(config-if)#pkm auth-method eap-tls

Router(config-if)# no shutdown

To configure EAP-TLS to use the embedded Airspan certificate as the WIMAX device certificate:

Router(config-if)# shutdown

Router(config-if)# pkm version pkm-v2

Router(config-if)#pkm trustpoint server-root-ca actual_ca_trustpoint_label

Router(config-if)#pkm auth-method eap-tls

Router(config-if)# no shutdown

If the trustpoint CLI is not issued for device trustpoint, then the system uses the embedded certificate.

EAP-TTLS Authentication

EAP-TTLS authentication is a one-sided authentication using an Airspan certificate. A certificate-based authentication is only required for the AAA/RADIUS server. Only a server-root-ca trustpoint configuration is required for the WIMAX interface to authenticate the AAA/RADIUS server certificate. The client (WIMAX interface) authentication is executed through MSCHAPv2 authentication (configuring the PKM user and password) through an encrypted tunnel.

Router(config-if)# shutdown

Router(config-if)# pkm version pkm-v2

Router(config-if)#pkm trustpoint server-root-ca actual_ca_trustpoint_label

Router(config-if)#pkm username actual_user_name password actual_password

Router(config-if)#pkm auth-method eap-ttls

Cisco Connected Grid Modules for CGR 1000 Series—WiMAX Installation and Configuration Guide

 

OL-26236-03

19

 

 

 

Page 18 Page 20
Image 19
Page 18 Page 20
Contents Cisco Connected Grid Modules for Cisco Part Number Description Parts ListParts List Feature Description FeaturesFEC Hardware OverviewFront Panel QMAf connectorANT-WM-INT-OUT-M Supported Cisco WiMAX AntennasWiMAX Interface Mechanical SpecificationsState Description Module StatesRadio Frequency Interface DC Power ConsumptionTemperature Monitoring State Machine Module Power StatesBefore You Begin Installation Installing and Removing the WiMAX ModuleInstallation Warning Statements Removing the WiMAX Module Installing the WiMAX ModuleWiMAX Overview StandardsRegulatory and Compliance Information Software Overview8091 1026 Data WiMAX Link QoSQoS Support QoS OutputCID QoS Parameters Guidelines and Limitations Configuring the ModuleAdditional QoS Commands PrerequisitesWiMAX X.509 Certificates WiMAX Interface SecurityRouterconfig-if#pkm auth-method eap-ttls EAP-TLS and EAP-TTLS Authentication MethodsWiMAX Interface Configuration WiMAX Scan-list ConfigurationEnable Security Parameters Show sprom Additional WiMAX Configuration CommandsWiMAX show Command Examples Enabling an InterfaceRouter # show controllers wimax 6/1 Show interfaces wimax interfacename associationShow controllers wimax interfacename Router # show interface wimax 3/1 associationRouter # show interface wimax 3/1 scanning Troubleshooting and DiagnosticsShow interfaces wimax interfacename statistics Show interface wimax interfacename scanningChecking Signal Strength WiMAX Debug CommandsRetrieving the Electronic Serial Number VID Converting Hexadecimal ESN to Decimal NotationLightning Arrestor for the Cisco 1240 Connected Grid Router Additional ReferencesRelease Feature Information Feature HistoryCisco System Software Commands Documents Regulatory, Compliance, and Safety InformationConnected Grid Documentation Feedback Form Technical Assistance Tell Us What You Think

CGR1120K9 specifications

Cisco Systems CGR1120K9 is a robust networking device designed specifically for the Internet of Things (IoT) and industrial applications. As a part of the Cisco Connected Grid Router series, the CGR1120K9 delivers reliable connectivity and supports various networking functionalities to enhance operational efficiency in challenging environments.

One of the prominent features of the CGR1120K9 is its rugged design, built to withstand harsh conditions typical in industrial settings. With an operating temperature range of -40 to +85 degrees Celsius, it is ideal for use in outdoor and remote locations, making it suitable for utilities, transportation, and critical infrastructure industries. Its compact form factor allows for flexible installation options, which is crucial in space-constrained environments.

The CGR1120K9 comes equipped with a range of interfaces, including Ethernet ports and serial interfaces, providing versatility in integrating with different devices and systems. It supports both wired and wireless connections, enabling seamless communication across the IoT landscape. Additionally, the router features a dedicated management interface for simplified configuration and monitoring, ensuring that network administrators can efficiently manage their deployments.

In terms of performance, the CGR1120K9 features advanced routing and security capabilities, including support for IPv6, virtual private networks (VPNs), and firewall functionalities. This ensures secure data transmission over the network while maintaining high-performance levels essential for real-time applications. The device is powered by Cisco's IOS XE software, which offers enhanced operational capabilities through advanced features such as software-defined networking (SDN) and automation.

Another key characteristic of the CGR1120K9 is its scalability. Organizations can easily expand their networks as their needs evolve, ensuring an investment that grows with them. The router is designed to work cost-effectively in both small and large-scale deployments, making it a flexible choice for various business environments.

The CGR1120K9 also supports a range of protocols and standards, ensuring compatibility with existing infrastructure and devices. This is crucial for organizations seeking to modernize their networks while leveraging existing investments in hardware and software.

In conclusion, the Cisco Systems CGR1120K9 stands out as a high-performance, rugged router tailored for the demands of IoT and industrial applications. With its robust features, advanced technologies, and characteristics, it empowers organizations to enhance connectivity and streamline operations in even the most challenging environments.
Top Page Image Contents