02-23-2005 06:02 AM - edited 07-04-2021 10:29 AM
I am looking for recommendations of the strongest/most secure encryption and authenication method to use to secure clients that are using CB21AG client adapters and ADU software.
EAP-TLS is not an option as we currently do not have PKI in place. EAP-FAST is preferred, but not supported yet with curent client software. What's the next best method?
I have a WLSE and ACS server along with AP1210s at my disposal. Client laptops are predominantly XPsp1.
Thanks, in advance, for your suggestions.
John Rumball
Solved! Go to Solution.
02-23-2005 02:48 PM
WPA with PEAP would be the most secure but LEAP would be the easiest - just use strong passwords. EAP-FAST should be supported in the next release of the ADU, v1.3, I believe. That would be the easiest and most secure for all Cisco clients. Turn off WZC service.
03-14-2005 08:05 PM
The problem with LEAP (besides the vulnerability with passwords) is that it requires Cisco's version of TKIP and MIC to be secure. The CB21 doesn't appear to support them. If it doesn't I would strongly recommend against "raw" WEP (which is what you are left with when you turn off Cisco's TKIP and MIC). Use WPA PEAP.
02-23-2005 02:48 PM
WPA with PEAP would be the most secure but LEAP would be the easiest - just use strong passwords. EAP-FAST should be supported in the next release of the ADU, v1.3, I believe. That would be the easiest and most secure for all Cisco clients. Turn off WZC service.
03-14-2005 08:05 PM
The problem with LEAP (besides the vulnerability with passwords) is that it requires Cisco's version of TKIP and MIC to be secure. The CB21 doesn't appear to support them. If it doesn't I would strongly recommend against "raw" WEP (which is what you are left with when you turn off Cisco's TKIP and MIC). Use WPA PEAP.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide