×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

What does WEP/EAP/LEAP encrypt ?

Answered Question
Mar 13th, 2003
User Badges:

Does EAP/LEAP encrypt the wireless authentication to the AP or the entire session? In other words after you are authenticated is the data being sent through the air encrypted? i.e. Web traffic, e-mail

Correct Answer by ndoshi about 14 years 5 months ago

Hi


Leap / EAP is framework of protocol between Users , Radius Server and AP .


It authenitcates users via Radius server .

It generates DYNAMIC KEY to encrypt the ALL DATA traffic .


so you can have centralised database and dynamic Key . You don't have to

manage the key in this process .


So all traffic is encrypted between AP and client .


http://www.cisco.com/en/US/partner/products/hw/wireless/ps4570/products_white_paper09186a00800b469f.shtml


Above white paper explains in detail

http://www.cisco.com/en/US/partner/products/hw/wireless/ps4570/prod_white_papers_list.html


Nilesh




  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
Correct Answer
ndoshi Thu, 03/13/2003 - 13:14
User Badges:
  • Cisco Employee,

Hi


Leap / EAP is framework of protocol between Users , Radius Server and AP .


It authenitcates users via Radius server .

It generates DYNAMIC KEY to encrypt the ALL DATA traffic .


so you can have centralised database and dynamic Key . You don't have to

manage the key in this process .


So all traffic is encrypted between AP and client .


http://www.cisco.com/en/US/partner/products/hw/wireless/ps4570/products_white_paper09186a00800b469f.shtml


Above white paper explains in detail

http://www.cisco.com/en/US/partner/products/hw/wireless/ps4570/prod_white_papers_list.html


Nilesh




dladen Thu, 03/20/2003 - 20:38
User Badges:

On the client, if I am using LEAP, do I need to setup a encryption key? What is it used for? Is it dynamic like the unicast key provided from the RADUIS server? Does PEAP support the same dynamic environment that LEAP does.


Thanks,

Dan Laden

aonibala Fri, 03/21/2003 - 04:05
User Badges:

If using LEAP, you need not to put the static WEP on the client. The WEP key fields are greyed out. EACH client will receive UNIQUE dynamic WEP key per session from the RADIUS. You can strengthen it further by rotating/limiting the key duration to let say 20 minutes. You can go extreme by turning TKIP on where you get UNIQUE key per PACKET: http://wlanresearch.com/LEAPVPN.htm


PEAP is similar to LEAP for the dynamic session key part. As for the rotating key and TKIP, LEAP is far better than anything else out there. It is truly a quantum leap :-)


Audie Onibala

Actions

This Discussion

 

 

Trending Topics - Security & Network