The PEAP With Server Validation Provisioning Enhancement enables zero-touch provisioning of the wireless phones that use Protected Extensible Authentication Protocol (PEAP) with Server Validation. The enhancement installs a server certificate on the phones to validate actions.
The phone performs a TFTP get for the Server
Certificate (WLANRootCA.cer) before the TFTP request for the BDU
files (WLAN(MAC).xml or WLANDefault.xml).
The phone first requests the file from the TFTP server.
Any existing server certificates are removed.
The server certificate must be in SHA-1 and DER format.
After the certificate is installed, Server Validation is enabled
automatically when the phone is configured to use PEAP authentication.
The phone restarts after the certificate is installed.
Starting with Firmware Release 1.4(7), Server Validation cannot be configured.
This feature has no user impact.
The feature is supported on the following phones:
Cisco Unified Wireless IP Phone 7925G
Cisco Unified Wireless IP Phone 7925G-EX
Cisco Unified Wireless IP Phone 7926G