Resolution
Cisco LEAP is an 802.1X authentication type for Wireless LANs (WLANs) that supports strong mutual authentication between the client and a RADIUS server, with a logon password as the shared secret. It provides dynamic per-user, per-session encryption keys. LEAP is based on EAP, an extension to Point-to-Point Protocol (PPP).
When a LEAP solution is implemented, network administrators are advised to review the 802.11 Wireless LAN Security White Paper.
LEAP is supported only on client adapters that support WEP: PCM, LMC, or PCI cards with firmware version 4.13 or later, or mini PCI cards with firmware version 5.0 or later. To use LEAP, the client adapter firmware and the Cisco Access Point (AP) firmware must implement matching IEEE 802.1X draft standards.
Pay special attention to password strength. Cisco LEAP is a password-based algorithm, so to minimize the possibility of a successful dictionary attack, use strong passwords that are difficult to guess. Strong passwords have these characteristics:
- A minimum of ten characters
- A mixture of uppercase and lowercase letters
- At least one numeric character or one non-alphanumeric character (example: !#@$%)
- No form of the user's name or user ID
- A word that is not found in the dictionary (domestic or foreign)
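The criteria above can be enforced when a LEAP account password is set. The following is an added example, not Cisco code: the function names, the small wordlist, and the interpretation of "form of the user's name" (case-insensitive, common character substitutions undone, also checked reversed) are assumptions.

```python
import re

# Constructed sample wordlist; in practice load a full dictionary file.
SAMPLE_WORDS = {"password", "wireless", "network", "welcome", "bienvenue"}

# Common character substitutions undone before comparison. Assumption: the
# page does not define what counts as a "form" of a name or word.
LEET = str.maketrans("0134578@$!", "oieastbasi")


def normalize(s):
    """Trim non-letters from both ends, undo substitutions, keep letters."""
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", s.lower())
    return re.sub(r"[^a-z]", "", core.translate(LEET))


def leap_password_problems(password, user_id, full_name="", words=SAMPLE_WORDS):
    """Return the criteria from the list above that `password` fails."""
    problems = []
    if len(password) < 10:
        problems.append("fewer than ten characters")
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        problems.append("no mix of uppercase and lowercase letters")
    if all(c.isalpha() for c in password):
        problems.append("no numeric or non-alphanumeric character")
    norm = normalize(password)
    # Name parts of three or more letters, checked forwards and reversed.
    parts = [p for p in re.findall(r"[a-z]+", f"{user_id} {full_name}".lower())
             if len(p) >= 3]
    if any(p in norm or p[::-1] in norm for p in parts):
        problems.append("contains a form of the user's name or user ID")
    if norm in words:
        problems.append("is a dictionary word")
    return problems


if __name__ == "__main__":
    # Constructed candidates for a hypothetical user "jsmith" (John Smith).
    for pw in ("Password1", "Sm1th-Wifi-2024", "tR7#qLm9!vKz2"):
        print(pw, "->", leap_password_problems(pw, "jsmith", "John Smith") or "ok")
```

An empty result means the candidate meets all five criteria; a larger wordlist passed as `words` makes the dictionary check meaningful.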
For more information about Cisco LEAP, an EAP type, refer to Cisco LEAP.
For information on how to configure LEAP with a local RADIUS server, read LEAP Authentication with Local RADIUS Server.
For more information on Cisco Aironet WLAN Security, refer to Cisco Aironet Wireless LAN Security Overview.