Quick eap-tls question?

Unanswered Question
Nov 11th, 2008

If I have a laptop running eap-tls in the following way

laptop ---- ap -----wlc ------cisco acs (radius)

lets say the laptop starts eap-tls when it boots up and exchanges certificates with the acs

If i have no encrytion set on the WLAN, would the whole tls and certificate exchange be readable by a wireless network sniffer?

I really get confused between eap-tls and lets say a web ssl (tls) session

eap-tls is pure authentication, no encrytion?

where when you start an ssl session, lets say with amazon.co.uk, all data within the ssl (tls) session is encrypted

Is anything encrypted when using eap-tls if you use an open network?

Many thx indeed,


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
kfarrington Tue, 11/11/2008 - 09:24

Also, just reading the rfc is states "MAY"

It states that you use eap-tls within eap-tls?

2.1.4. Privacy

EAP-TLS peer and server implementations MAY support privacy.

Disclosure of the username is avoided by utilizing a privacy Network

Access Identifier (NAI) [RFC 4282] in the EAP-Response/Identity, and

transmitting the peer certificate within a TLS session providing


Any comments and clarification on this would be great. I just have the ssl web scenario stuck in my brain and cant adapt it (if appropriate) to eap-tls?

Thx guys,



When you configure your WLAN on the WLC, the only 802.1x options you have also include WEP. WEP does the data encyption. I don't know how you are going to get EAP-TLS without data encryption on the WLC. Remember, EAP is invoked by the 802.1x process. By definition, EAP-TLS only provides secured authentication.

kfarrington Tue, 11/11/2008 - 11:34

sorry when you say wep, do you mean Wired Equivalent Privacy (WEP), or is this something else?

sorry if im being dumb here? or is there another wep? i have heard the phrase dynamic and static wep before?

Many thx for your help mate



This Discussion



Trending Topics - Security & Network