Configuring the Module

EAP-TLS and EAP-TTLS Authentication Methods

To set up a username and password for the Pairwise Key Management (PKM) of a CGR 1000, the WiMAX module must be installed and running. CGR 1000s that ship with a pre-installed WiMAX module have a pre-installed WiMAX configuration.

You can configure your WiMAX interface for one of the following authentication methods:

No Authentication (Open)

EAP-TLS Authentication

The WiMAX interface uses trustpoints as follows. Certificate-based mutual authentication is mandatory. The WiMAX module needs both of the following for authentication:

A server-root-ca certificate authority (CA) trustpoint containing the CA certificate that signs the certificate used on the AAA/RADIUS server.

A device trustpoint for the WiMAX module. The modem on the WiMAX module has an embedded Airspan-signed device certificate that the supplicant can automatically use as the device trustpoint for authentication. If you do not want to use this certificate, you must import a device certificate and specify a device trustpoint that uses it.

To configure EAP-TLS to use a user-defined WiMAX device certificate:

Router(config-if)# shutdown

Router(config-if)# pkm version pkm-v2

Router(config-if)# pkm trustpoint device actual_device_trustpoint_label

Router(config-if)# pkm trustpoint server-root-ca actual_ca_trustpoint_label

Router(config-if)# pkm auth-method eap-tls

Router(config-if)# no shutdown

To configure EAP-TLS to use the embedded Airspan certificate as the WiMAX device certificate:

Router(config-if)# shutdown

Router(config-if)# pkm version pkm-v2

Router(config-if)# pkm trustpoint server-root-ca actual_ca_trustpoint_label

Router(config-if)# pkm auth-method eap-tls

Router(config-if)# no shutdown

If no pkm trustpoint device command is issued, the system uses the embedded certificate.

EAP-TTLS Authentication

EAP-TTLS authentication is a one-sided authentication using an Airspan certificate. Certificate-based authentication is required only for the AAA/RADIUS server, so the WiMAX interface needs only a server-root-ca trustpoint to authenticate the AAA/RADIUS server certificate. The client (the WiMAX interface) is authenticated with MSCHAPv2, using the configured PKM username and password, through an encrypted tunnel.

Router(config-if)# shutdown

Router(config-if)# pkm version pkm-v2

Router(config-if)# pkm trustpoint server-root-ca actual_ca_trustpoint_label

Router(config-if)# pkm username actual_user_name password actual_password

Router(config-if)# pkm auth-method eap-ttls
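The requirements above can be checked mechanically before an interface is brought back up. The following is an added example, not part of the Cisco guide or any Cisco tool: a small Python audit over pasted pkm lines. The function names, finding texts and sample input are assumptions of this example, and it recognizes only the pkm commands shown on this page.

```python
import re

# Matches the pkm commands shown in this guide, with or without the CLI prompt.
PKM_RE = re.compile(r"^(?:Router\(config-if\)#)?\s*pkm\s+(.*)$")

def parse_pkm(config_text):
    """Collect pkm settings from pasted CLI lines or a config excerpt."""
    s = {"version": None, "auth": None, "device_tp": None,
         "server_ca_tp": None, "username": None, "has_password": False}
    for raw in config_text.splitlines():
        m = PKM_RE.match(raw.strip())
        if not m:
            continue  # shutdown / no shutdown and unrelated lines are ignored
        tok = m.group(1).split()
        if tok[:1] == ["version"] and len(tok) >= 2:
            s["version"] = tok[1]
        elif tok[:1] == ["auth-method"] and len(tok) >= 2:
            s["auth"] = tok[1]
        elif tok[:2] == ["trustpoint", "device"] and len(tok) >= 3:
            s["device_tp"] = tok[2]
        elif tok[:2] == ["trustpoint", "server-root-ca"] and len(tok) >= 3:
            s["server_ca_tp"] = tok[2]
        elif tok[:1] == ["username"] and len(tok) >= 2:
            s["username"] = tok[1]
            s["has_password"] = len(tok) >= 4 and tok[2] == "password"
    return s

def audit_pkm(config_text):
    """Return findings for the trustpoint/credential rules described above."""
    s, findings = parse_pkm(config_text), []
    if s["auth"] not in ("eap-tls", "eap-ttls"):
        return ["no EAP auth-method configured (open authentication)"]
    if s["version"] != "pkm-v2":
        findings.append("pkm version pkm-v2 not set (every procedure here sets it)")
    if s["server_ca_tp"] is None:
        findings.append("missing server-root-ca trustpoint: AAA/RADIUS certificate cannot be validated")
    if s["auth"] == "eap-tls" and s["device_tp"] is None:
        findings.append("info: no device trustpoint, embedded Airspan certificate is used")
    if s["auth"] == "eap-ttls" and not (s["username"] and s["has_password"]):
        findings.append("missing pkm username/password for MSCHAPv2 client authentication")
    return findings

# Constructed sample: EAP-TTLS selected but no PKM user configured.
SAMPLE_TTLS_NO_USER = """\
pkm version pkm-v2
pkm trustpoint server-root-ca actual_ca_trustpoint_label
pkm auth-method eap-ttls
"""
```

Calling audit_pkm(SAMPLE_TTLS_NO_USER) returns a single finding about the missing PKM credentials; an empty list means the pasted lines satisfy the rules for the selected method.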

Cisco Connected Grid Modules for CGR 1000 Series—WiMAX Installation and Configuration Guide

 

OL-26236-03


CGR1120K9 specifications

Cisco Systems CGR1120K9 is a robust networking device designed specifically for the Internet of Things (IoT) and industrial applications. As a part of the Cisco Connected Grid Router series, the CGR1120K9 delivers reliable connectivity and supports various networking functionalities to enhance operational efficiency in challenging environments.

One of the prominent features of the CGR1120K9 is its rugged design, built to withstand harsh conditions typical in industrial settings. With an operating temperature range of -40 to +85 degrees Celsius, it is ideal for use in outdoor and remote locations, making it suitable for utilities, transportation, and critical infrastructure industries. Its compact form factor allows for flexible installation options, which is crucial in space-constrained environments.

The CGR1120K9 comes equipped with a range of interfaces, including Ethernet ports and serial interfaces, providing versatility in integrating with different devices and systems. It supports both wired and wireless connections, enabling seamless communication across the IoT landscape. Additionally, the router features a dedicated management interface for simplified configuration and monitoring, ensuring that network administrators can efficiently manage their deployments.

In terms of performance, the CGR1120K9 features advanced routing and security capabilities, including support for IPv6, virtual private networks (VPNs), and firewall functionalities. This ensures secure data transmission over the network while maintaining high-performance levels essential for real-time applications. The device is powered by Cisco's IOS XE software, which offers enhanced operational capabilities through advanced features such as software-defined networking (SDN) and automation.

Another key characteristic of the CGR1120K9 is its scalability. Organizations can easily expand their networks as their needs evolve, ensuring an investment that grows with them. The router is designed to work cost-effectively in both small and large-scale deployments, making it a flexible choice for various business environments.

The CGR1120K9 also supports a range of protocols and standards, ensuring compatibility with existing infrastructure and devices. This is crucial for organizations seeking to modernize their networks while leveraging existing investments in hardware and software.

In conclusion, the Cisco Systems CGR1120K9 stands out as a high-performance, rugged router tailored for the demands of IoT and industrial applications. With its robust features, advanced technologies, and characteristics, it empowers organizations to enhance connectivity and streamline operations in even the most challenging environments.