Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
435
Views
0
Helpful
2
Replies

Recommend security method for CB21AG clients

Go to solution
N3t W0rK3r
Level 3
Level 3

‎02-23-2005 06:02 AM - edited ‎07-04-2021 10:29 AM

I am looking for recommendations of the strongest/most secure encryption and authenication method to use to secure clients that are using CB21AG client adapters and ADU software.

EAP-TLS is not an option as we currently do not have PKI in place. EAP-FAST is preferred, but not supported yet with curent client software. What's the next best method?

I have a WLSE and ACS server along with AP1210s at my disposal. Client laptops are predominantly XPsp1.

Thanks, in advance, for your suggestions.

John Rumball

jorumball@hrsrh.on.ca

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
gdedrick
Level 1
Level 1

‎02-23-2005 02:48 PM

WPA with PEAP would be the most secure but LEAP would be the easiest - just use strong passwords. EAP-FAST should be supported in the next release of the ADU, v1.3, I believe. That would be the easiest and most secure for all Cisco clients. Turn off WZC service.

View solution in original post

0 Helpful

Go to solution
michaelr
Cisco Employee
Cisco Employee
In response to gdedrick

‎03-14-2005 08:05 PM

The problem with LEAP (besides the vulnerability with passwords) is that it requires Cisco's version of TKIP and MIC to be secure. The CB21 doesn't appear to support them. If it doesn't I would strongly recommend against "raw" WEP (which is what you are left with when you turn off Cisco's TKIP and MIC). Use WPA PEAP.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
gdedrick
Level 1
Level 1

‎02-23-2005 02:48 PM

WPA with PEAP would be the most secure but LEAP would be the easiest - just use strong passwords. EAP-FAST should be supported in the next release of the ADU, v1.3, I believe. That would be the easiest and most secure for all Cisco clients. Turn off WZC service.

0 Helpful

Go to solution
michaelr
Cisco Employee
Cisco Employee
In response to gdedrick

‎03-14-2005 08:05 PM

The problem with LEAP (besides the vulnerability with passwords) is that it requires Cisco's version of TKIP and MIC to be secure. The CB21 doesn't appear to support them. If it doesn't I would strongly recommend against "raw" WEP (which is what you are left with when you turn off Cisco's TKIP and MIC). Use WPA PEAP.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card