
8-12
Cisco Wireless LAN Controller Configuration Guide
OL-13826-01
Chapter 8 Managing Controller Software and Configurations
Transferring Files to and from a Controller
Step 5 Enter transfer download start to view the updated settings; then answer y when prompted to confirm
the current settings and start the download process. This example shows the download command output:
Mode........................................... TFTP
Data Type................................... Vendor CA Cert
TFTP Server IP.............................. 10.10.10.4
TFTP Packet Timeout............................ 6
TFTP Max Retries............................... 10
TFTP Path................................... /tftpboot/username/
TFTP Filename............................... filename.pem
This may take some time.
Are you sure you want to start? (y/N) y
TFTP EAP CA cert transfer starting.
Certificate installed.
Reboot the switch to use the new certificate.
Step 6 Enter reset system to reboot the controller.
Step 7 After the controller reboots, enter show certificates local-auth to verify that the certificate is installed.
Uploading PACs
Protected access credentials (PACs) are credentials that are either automatically or manually provisioned
and used to perform mutual authentication with a local EAP authentication server during EAP-FAST
authentication. When manual PAC provisioning is enabled, the PAC file is manually generated on the
controller.
Note See the “Configuring Local EAP” section on page 5-23 for information on configuring local EAP.
Follow the instructions in this section to generate and load PACs from the controller through the GUI or
CLI. However, before you begin, make sure you have a TFTP server available for the PAC upload. Keep
these guidelines in mind when setting up a TFTP server:
• If you are uploading through the service port, the TFTP server must be on the same subnet as the
service port because the service port is not routable, or you must create static routes on the
controller.
• If you are uploading through the distribution system network port, the TFTP server can be on the
same or a different subnet because the distribution system port is routable.
• A third-party TFTP server cannot run on the same computer as the Cisco WCS because the WCS
built-in TFTP server and the third-party TFTP server require the same communication port.