Cisco Support Community
Community Member

PEAP Level of Encryption using TKIP user Session Keys

I need to get an understanding of the encryption using PEAP in the following configuration: AP 340, AP350, AP 1100, SecureACS 3.1 and RSA Ace server 5.1. I have a requirement not to use VPN software on the wireless clients. I can define that only Cisco wireless cards and ACU software be used on the client system, and also state that only XP SP2 or Windows 2000 with patch be used on the wireless network using RSA Secure ID tokens. This will mean I can use PEAP and not need the client workstation to be a part of the Windows domain, and I think I get encryption using TKIP. Please let me know if that is true. I also want to know how PEAP encryption for the data compares to IPSEC 3DES.


Re: PEAP Level of Encryption using TKIP user Session Keys

You seem to have got a couple of things mixed up. While IPSec is used for authentication, data integrity and encryption, PEAP is a secure, client-server authentication method for wireless networks. You really can't go about comparing the two. For more information on PEAP, you could refer to

Community Member

Re: PEAP Level of Encryption using TKIP user Session Keys

Thank you for your response. I may have a misunderstanding, but here is a quote from Cisco documents: "TKIP provides two major enhancements to WEP:

A message integrity check (MIC) function on all WEP-encrypted data frames

Per-packet keying on all WEP-encrypted data frames"

I just do not know how to assess the encryption feature with the TKIP enhancement. I do not have the background to compare encryption, so I need to try and get an understanding by asking the questions. If the per-packet keying makes the WEP encryption equal to a 3DES tunnel as far as the risk or the cost to unencrypt the data by a third party, then I have met my risk requirements. Any help that could answer this question from a risk perspective would be great.
