Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
654
Views
0
Helpful
3
Replies

open eap needed for LEAP ?

hvd
Level 1
Level 1

‎03-02-2004 04:43 AM - edited ‎07-04-2021 09:24 AM

We've got about 120 aironet 1100s in use. They're all configured for the use with leap "authentication network-eap eap_methods"

Since we're using all aironet 352 Pcmcia cards we don't have any problems.

Now we are in the negotiation phase for new handhelds using other brand of networkcards (Intel) which do not cope well with leap. The supplier now claims that we have to reconfigure our ap's with following line "authentication open eap eap_methods" to make it work. They're not able to put a cisco card in their device and it seems the only way to make things work.

As I understand "authentication open eap eap_methods" opens the gate for all kinds op eap such as PEAP, EAP-TLS, EAP. So we are tearing down the security of our network by doing this. There's a lot of confusing information about this going around.

Are we facing here a security issue by changing our config in this way?

Would appreciate your findings.

Labels:
0 Helpful
3 Replies 3

sbilgi
Level 5
Level 5

‎03-08-2004 12:39 PM

The following document will help you:

http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_bulletin09186a0080088832.html

0 Helpful

s.vautour
Level 1
Level 1

‎03-09-2004 05:15 AM

PEAP & EAP-TLS are considered more secure than LEAP. LEAP uses MSCHAP to transfer a hash of the password which is volnurable to dictionary attacks. PEAP & EAP-TLS transfer the auth info inside a TLS tunnel which is fully secure. If you don't want to change your existing clients, I would recommend you create a new SSID for your new EAP type and bind it to a new VLAN. This will allow you to run LEAP and PEAP/EAP-TLS at the same time.

Serge

0 Helpful

emcpherson
Level 1
Level 1

‎03-24-2004 11:37 AM

I was also confused about setting this up and had to open up a tac case.

The explanation given to me is the Network EAP options is for Cisco Cards and the Open/EAP options are for other cards.

I have both those options on the same SSID just in case if we have a non-cisco card who want to use the SSID but has to use 802.1x and CKIP.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card