PEAP-MSCHAPv2

Unanswered Question
Jul 10th, 2007
User Badges:

Hi,

I'm still today a bit confused around the PEAP authentication, WEP encryption, etc.

How does it work if we want to work with Dynamic WEP keys? to avoid that user's need to know an extensive WepKey? is it less secure then working with Fixed WEP keys?


Jorge

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Wed, 07/11/2007 - 02:32
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi Jorge


When you use PEAP authentication once you have authenticated via the radius server a dynamic key is then generated by the Radius server and handed back to the client. This key is then renewed after a certain period of time which is configurable by you.


This is much more secure than using a fixed key as the key will keep changing in addition to which it is a lot easier to manage ie. if your fixed key was compromised you would need to change it manually on the client computer.


HTH


Jon

jorge.s Wed, 07/11/2007 - 02:54
User Badges:

How should it then be configured on the AP ?

Do I need to mention an WEP key there?


encryption vlan 150 key 1 size 128bit 7 B5429C53514B971BC3FCC06333D transmit-key

encryption vlan 150 mode wep mandatory

Jon Marshall Wed, 07/11/2007 - 03:22
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Jorge


No, with dynamic keys you should never have to type in a WEP key as this will be generated automatically for you.


What AP and which version of software are you using.


Jon

jorge.s Wed, 07/11/2007 - 04:25
User Badges:

is an AIR-AP1231G-E-K9

with ios 12.3(8)JEB


What should I insert then in the AP? to tell him it should be Dynamic WEP?


Jorge

Jon Marshall Wed, 07/11/2007 - 04:53
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Jorge


Attached is a link to configuring WEP keys for the AP1230 with your version of IOS. The first pafrt is about configuring static WEP keys which you don't want. The second "Enabling Cipher Suites and WEP" is the one you are interested in.


http://www.cisco.com/en/US/docs/wireless/access_point/12.3_8_JA/configuration/guide/s38wep.html#wp1036363


HTH


Jon

Actions

This Discussion

 

 

Trending Topics - Security & Network