802.1x *without* encryption. Is it possible ?

Unanswered Question
May 25th, 2010
User Badges:


I have a ACU Client, WLC (with local EAP) and an external RADIUS server.

My aim is to use 802.1x, but WITHOUT encryption.

In the Cisco ACU, when I select 802.1x, I have to select an EAP type.

    With EAP-FAST, selected,

      On the WLC, if I enable local EAP, and  select WEP with No key size, it does not work.

      I have to select a Key size, therebye enabling WEP

         I believe this is because EAP-FAST *MANDATES* usign WEP or a 4 way handshake..

A. If I select other EAP types, and setup my authentication server (Free RADIUS) to support the EAP type,

    can I have a setup that can NOT use encryption ?

          On the WLC, do I just select 802.1x and a WAP key with 0 size ?

B. Is this not possible with any form of Local EAP ??


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
George Stefanick Fri, 05/28/2010 - 10:30
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, October 2015

Interesting question ...

I wonder why you would want to do that ...?

I just checked and it does look like you can do 802.1x with a wep key of NONE.

You may want to give that a shot ...

Please rate the post if you find this helpful

shahedvoicerite Sun, 05/30/2010 - 09:33
User Badges:

Hi George,

Thats actually one of the first things I had tried, but it does not seem to work.

I repeated the test again, but this time with a sniffer running.

            I see the open auth/association go through, but it never proceeds to 802.1x (However this was with a all mixed cell flag on)

            Without that flag set, I dont see any packets from the client, except probe requests !!

On the controller, I was also running a debug aaa enable all, and dont see any activity, in both the above cases.

The moment I set the WEP key length from NONE to 104 bits, it works

I'll try with other clients, but I believe the result will be the same.

Also, this is just to get a better understanding of the behaviour of 802.1x.. Not for production.

Scott Fella Tue, 06/01/2010 - 08:56
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Not possible.... no encryption is having the ssid set to open or layer 2 security set to none.  802.1x usualy means some type of authentication to verify the user or device unless WEP is configured. Here is a link you might of seen already regarding different type s of authentication on the WLC:




This Discussion



Trending Topics - Security & Network