Extensible Authentication Protocol (EAP) is an authentication protocol that supports multiple authentication methods, passwords, RADIUS, and so on. Lightweight Extensible Authentication Protocol (LEAP) is the Cisco authentication protocol. LEAP is based on EAP, an extension to PPP.
This authentication type provides the highest level of security for your wireless network. By using EAP to interact with an EAP-compatible RADIUS server, the Access Point (AP) helps a wireless client device and the RADIUS server perform mutual authentication and derive a dynamic unicast Wired Equivalent Privacy (WEP) key. The RADIUS server sends the WEP key to the AP, which uses it for all unicast data signals that it sends to or receives from the client. The AP also encrypts its broadcast WEP key (entered in the access AP's WEP key slot 1) with the client's unicast key and sends it to the client.
There is more than one type of EAP authentication, but the AP behaves the same way for each type. It relays authentication messages from the wireless client device to the RADIUS server, and from the RADIUS server to the wireless client device. For instructions on setting up EAP on the AP, refer to the Assigning Authentication Types to an SSID section of Configuring Authentication Types.
Open authentication allows any device to authenticate and then attempt to communicate with the AP. Where the SSID is set for authentication, type open with EAP authentication. The AP forces all client devices to perform EAP authentication before they are allowed to join the network.
Note: An AP configured for EAP authentication forces all client devices that associate to perform EAP authentication. Client devices that do not use EAP cannot use the AP.
Where the authentication type for the SSID is set to Network-EAP, using EAP to interact with an EAP-compatible RADIUS server, the AP helps a wireless client device and the RADIUS server perform mutual authentication. It also derives a dynamic unicast WEP key. However, the AP does not force all client devices to perform EAP authentication.
My controller is AIR-CT3504, software version is 184.108.40.206. I have such a problem, the manage port of my controller and all the AP are in VLAN99, all computers are in VLAN172. I could access WLC manage web from LAN cable of VLAN172 before&n...
Hi All,currently iam working on a migration of Cisco wlc 2504 to 3504.we are using radius authentication with windows NPS to authenticate clients. when i am trying to connect the SSID, computer prompt me to enter the user name and password. once i enter c...
I have a WLC 5508 running 8.5.120 code. I have wireless client who need to print from Apple devices to a HP M426 laserjet printer. So I set up the WLC for mDNS by doing the following:1. Enabling mDNS snooping2. Enabling global multicast and IGMP snoo...