View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

WL0006 - WLC Access Point Authentication (Part 1)

Average: 5 (2 votes)
Difficulty Level: 
Lab Document: 
<Please login to see the content>
Video Download: 
Title: WL0006 - Video Download $11.00
Purchase WL0006 - Video Download $11.00
The video shows you how you can increase security with access point authentication. We will go through various approaches available on Cisco Wireless LAN Controller that allow an AP to be authenticated prior to joining including MIC and LSC certificate authentication, static local and RADIUS MAC address auth list, and 802.1x authentication. We will be able to see and realize which method would work best in your environment.
Part 1 of this video covers certificate and MAC address based authentication 
  • AP Authentication
  • Manufacture-Installed Certificate (MIC)
  • MIC with AP Authorization List
  • MIC with External RADIUS
  • Locally Significant Certificate (LSC)
  • 802.1x Authentication

About Author

Metha Cheiwanichakorn, CCIE#23585 (RS, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at, Metha enjoys learning and challenges himself with new Cisco technologies.


i had enable LSE by usig CA server and in the controller also. Now i was connect an AP in to the network. so after verification of MIC it will download the LSC certificate from the CA server. So were is the security and how it is more secure then compared to MIC. every AP is joining and its downloading LSC from CA server.

Well.. You would only allow LSC enrollment when AP first comes up. Once AP is registered using LSC, you should disable the enrollment so only authorized AP can register.

You mean by using the stating controller you added the LSC certificate to AP and then after you will put that AP into the production. So now the AP having the LIS certificate before it is into the production. Am I right

You actually need to use the same controller to issue LSC or else the AP won't pass authentication. You enable LSC on WLC only when you know a new AP is coming up to let it download the cert then disable afterwards.

1)What is the use of the Support for RFC 3576 and why we are mentioning the shared key for AAA ?
2)AAA-Authentication option is used for only AP authentication or for any other services also?

RFC3576 is for Change of Authorization which is not required for this excercise. You normally enabled it to support 802.1X authentication for wireless user. AAA Auth is for both AP and user authentication against RADIUS server