EAP-TLS uses WEP?

Apr 2nd, 2008

Why do you need to configure WEP as data encryption when using EAP-TLS?


"Ensure that Data Encryption is set to WEP"


Can't you use WPA2?


Gr.

Remco

Scott Fella Wed, 04/02/2008 - 14:54

What device do you have.... WPA or WPA2 is usually the choice... not WEP. Here is a link to EAP-TLS for a WLC.


http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00807917a6.shtml#t19

Pushkar Sambhoos Wed, 04/02/2008 - 17:17

Remco,


If you want to use EAP-TLS as the authentication and WEP as the encryption, you need to set the following on a WLAN on the controller.


Under Security ---> Layer 2 in a WLAN, select "Layer 2 Security" as 802.1x and the "802.1X Parameters" to WEP with the key length you want. Your ACS server should be configured to do EAP-TLS. The client should also be configured appropriately.


--

Pushkar

remco.gussen Thu, 04/03/2008 - 06:11

What I want is this:


A secure wireless network (already did PEAP MS-CHAP v2, but want to try EAP-TLS).


What do I have to do to configure EAP-TLS ??


Users must have a user certificate and the computers need a computer certificate. IAS Server needs a server certificate.


I want to use WPA/WPA2 enterprise with AES encryption...

In all the documents you can see that the client is configured with WEP...


Regards

Remco

Correct Answer
Pushkar Sambhoos Thu, 04/03/2008 - 23:40

Remco,


1. What do I have to do to configure EAP-TLS ??

In order to configure EAP-TLS the only configuration on the WLC is selection of 802.1x on the Layer 2 Security Screen.


2. Users must have a user certificate and the computers need a computer certificate. IAS Server needs a server certificate.

Your RADIUS server needs to have a certificate and this needs to be added on each client to the list of trusted certificates. There is no configuration required on the controller side for this.


3. I want to use WPA/WPA2 enterprise with AES encryption. In all the documents you can see that the client is configured with WEP.

By default, if you choose 802.1x on the Layer 2 Security, WEP is used as the encryption. You have to understand these are two different things. One is encryption (TKIP/AES) and another is authentication (802.1x). So if you want to use WPA2 with EAP-TLS, you need to select WPA1+WPA2 as the Layer 2 Security and then, on the same screen under "Auth Key Mgmt", select 802.1x.


Let me know if this answers your question.


--

Pushkar
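
Added example, not part of the original thread and not Cisco code: a WPA2 WLAN advertises its ciphers and its key management as separate lists in the beacon's RSN element, so a small parser can confirm that a WLAN set up as described above really offers AES with 802.1X (a WLAN left on plain 802.1x with WEP carries no RSN element at all). The sample bytes are constructed, WPA1's vendor-specific element is not covered, and the parser assumes every field through the AKM list is present.

```python
import struct

OUI = b"\x00\x0f\xac"  # IEEE 802.11 OUI used in RSN suite selectors
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP (AES)", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}

def _suite(raw, names):
    """Decode one 4-byte suite selector: 3-byte OUI + 1-byte suite type."""
    if raw[:3] != OUI:
        return "vendor " + raw.hex()
    return names.get(raw[3], "unknown type %d" % raw[3])

def parse_rsn_ie(ie):
    """Split an RSN element (ID 48) into group cipher, pairwise ciphers, AKMs."""
    if len(ie) < 2 or ie[0] != 48 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body, pos = ie[2:], 0

    def take(n):
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated RSN element")
        pos += n
        return body[pos - n:pos]

    if struct.unpack("<H", take(2))[0] != 1:
        raise ValueError("unsupported RSN version")
    group = _suite(take(4), CIPHERS)
    count = struct.unpack("<H", take(2))[0]
    pairwise = [_suite(take(4), CIPHERS) for _ in range(count)]
    count = struct.unpack("<H", take(2))[0]
    akm = [_suite(take(4), AKMS) for _ in range(count)]
    return {"group": group, "pairwise": pairwise, "akm": akm}

def audit(ie):
    """Findings for a WLAN meant to be WPA2 + AES + 802.1X; empty list = as intended."""
    rsn = parse_rsn_ie(ie)
    findings = []
    if rsn["akm"] != ["802.1X"]:
        findings.append("key management is %s, expected 802.1X only" % "+".join(rsn["akm"]))
    weak = sorted(set(rsn["pairwise"] + [rsn["group"]]) - {"CCMP (AES)"})
    if weak:
        findings.append("non-AES cipher advertised: " + ", ".join(weak))
    return findings

# Constructed samples (not captured traffic): AES-only, and a mixed TKIP/AES WLAN.
WPA2_AES_8021X = bytes.fromhex("3014" "0100" "000fac04" "0100" "000fac04" "0100" "000fac01" "0000")
MIXED_TKIP_8021X = bytes.fromhex("3018" "0100" "000fac02" "0200" "000fac04" "000fac02" "0100" "000fac01" "0000")
```
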

