Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Dynamic session keys and EAP

I remember reading somewhere that 802.1x has dynamic session-based encryption keys. The article mentioned that the key will change when it roams to a new AP. This will have some impact on VPN users. Is this true?

I will like to implement on my wireless users that they use 802.1x to authenicate and power up their VPN to access the Intranet. If the above is true, how do I go about solving it?

Another question is, if my AP is cisco 1200, and some of the client cards are a mixture of cisco aironets and other brands, is it possible for the AP to authenticate the Aironet cards using LEAP, and the other brands using EAP?

New Member

Re: Dynamic session keys and EAP

802.1x provides for layer 2 security for your WLAN. Which in your case secure the sessions between your AP and it's client. Therefore I doubt that there'll be an issue running it together with VPN.

Cisco Aironet 1200 is compatible with legacy cards from Cisco. As for other brands, you'll need to do some testing, I've encounter some problem running it with SMC WLAN NIC but have no problem using it with Orinoco or lucent NIC.

LEAP only works with Cisco card, since it require the use of Cisco ACU. As for EAP, I'm still trying to get it to work using EAP-MD5. I remember reading something on implementing EAP-TLS from CCO.