I would not regard this as very much of a hazzard. The switch uses a key to authenticate with the radius server as it gets ready to authenticate user sessions, and (depending on how you have configured your devices) possibly to prepare to do authorization requests, or possibly to prepare to send accounting records to the server.
Since the remote devices do not create user records on the radius server or alter records on the server it does not pose much threat to the integrity of the radius server. Probably worst case, if an end user knew the key it might allow the user to spoof communications to the server and appear to be a device requesting authentication. Perhaps it might be part of doing a dictionary attack to find passwords for known user IDs. But since the radius server associates particular keys with particular device addresses the spoofing would have to send the transaction to the server and have a way to get the server response sent to it and not to the real device. And the dictionary attach could just as well be mounted by attempting access to real network devices.
So I do not see a lot of threat if an end user did happen to know the key used between the device and the server.
Knowing a shared secret would allow a man-in-the-middle attacker to harvest usernames and passwords for non-chap-like protocols.
It also allows a MitM to collect wep session keys by simply acting as a RADIUS proxy - with LEAP.
With new EAP protocols its not an issue because the authentication is protected via an end-to-end tunnel (client <-> aaa server)
However, if a malicious user knows where the AAA servers are, I'd worry more about a DoS attack bringing down the AAA server (and therefore preventing anyone getting access to perhaps your entire WLAN & possibily LAN)
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...