
I want to run PEAP and LEAP at the same time...

d.beaver
Level 1

I have an environment where I have 25 laptops connected to my wireless network using PEAP and TKIP over an XP wireless client with a certificate. I also just purchased 25 IPAQs with built-in wireless and they have the ability to do LEAP or PEAP. I am having issues getting the certificate to take up residence on the IPAQs, so I thought I could do LEAP instead. What are the caveats of running both protocols at the same time and what configuration issues will I run into with this on the IPAQs?

I tried to set up LEAP yesterday without success, basically because I don't know what step I am leaving out. Maybe it's TKIP that is causing the problem, I don't know.

Any help would be greatly appreciated.

David Beaver

3 Replies

gamccall
Level 4

The access point doesn't know or care which EAP flavor you're using; LEAP vs PEAP is configured on the client, and you have to specify on your server which flavor(s) you'll allow.

Supporting both PEAP and LEAP is inelegant, though, and exposes some of your clients to the dictionary attacks LEAP is subject to. You'd be better served by getting PEAP working correctly on your iPaqs.

You don't need clientside certificates for PEAP, and you don't need to put the server certificate on the iPaq unless you're self-signing. If you are and the problem is that the iPaq isn't accepting your root cert, then the problem may be that it's not in a format the iPaq recognizes. Try importing the root cert into IE and then re-exporting it in DER format, then see if the iPaq will take that.

Also make sure that your PDAs are flashed with the latest OS and firmware patches. I've got PEAP working just fine on my HP 5500, but it did take a little tweaking to get it there.
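The DER re-export advice in the reply above, as an added example that is not part of the original post: a Python check that detects whether a certificate file is binary DER, PEM (Base64 with BEGIN/END armor) or bare Base64, and normalizes it to DER. The function names are hypothetical, and the sample bytes are a constructed placeholder structure, not a real certificate.

```python
import base64
import binascii
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.DOTALL)

# Constructed placeholder, NOT a real certificate: a DER SEQUENCE wrapping a
# 197-byte OCTET STRING, long enough to need the long-form length that real
# certificates use.
SAMPLE_DER = b"\x30\x81\xc8\x04\x81\xc5" + bytes(197)
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")


def der_total_length(data):
    """Total size declared by the outer DER SEQUENCE header, or None."""
    if len(data) < 2 or data[0] != 0x30:      # 0x30 = SEQUENCE tag
        return None
    first = data[1]
    if first < 0x80:                          # short form: length in one byte
        return 2 + first
    n = first & 0x7F                          # long form: n length bytes follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        return None
    return 2 + n + int.from_bytes(data[2:2 + n], "big")


def looks_like_der(data):
    # Checks outer framing only; it does not parse the X.509 fields inside.
    return der_total_length(data) == len(data)


def to_der(data):
    """Return (detected_format, der_bytes); raise ValueError if unrecognized."""
    if looks_like_der(data):
        return "DER", data
    match = PEM_RE.search(data)
    body = match.group(1) if match else data
    try:
        decoded = base64.b64decode(b"".join(body.split()), validate=True)
    except (binascii.Error, ValueError):
        raise ValueError("not DER, PEM, or bare Base64") from None
    if not looks_like_der(decoded):
        raise ValueError("Base64 payload is not a single DER structure")
    return ("PEM" if match else "bare Base64"), decoded


if __name__ == "__main__":
    for name, blob in (("sample.der", SAMPLE_DER), ("sample.pem", SAMPLE_PEM)):
        print(name, "->", to_der(blob)[0])
```

A file reported as PEM or bare Base64 is the case the reply describes: write the returned bytes out as the DER file to load on the device.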

I have a different concern altogether. What if I don't want to support both? How do I disable LEAP for client auth?

See http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=Security%20and%20Network%20Management&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddc56d4 for details

scottmac
Level 10

I'm using the Funk Odyssey on my iPaq 2795; it does both LEAP and PEAP with no problems.

It came with the unit on the included CD.

Otherwise it can be purchased, and Funk (now part of Juniper) has a 30-day non-crippled trial so you can check it out.

Good Luck

Scott
