Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

802.1x *without* encryption. Is it possible ?

Hi,

I have a ACU Client, WLC (with local EAP) and an external RADIUS server.

My aim is to use 802.1x, but WITHOUT encryption.

In the Cisco ACU, when I select 802.1x, I have to select an EAP type.

    With EAP-FAST, selected,

      On the WLC, if I enable local EAP, and  select WEP with No key size, it does not work.

      I have to select a Key size, therebye enabling WEP

         I believe this is because EAP-FAST *MANDATES* usign WEP or a 4 way handshake..

A. If I select other EAP types, and setup my authentication server (Free RADIUS) to support the EAP type,

    can I have a setup that can NOT use encryption ?

          On the WLC, do I just select 802.1x and a WAP key with 0 size ?

B. Is this not possible with any form of Local EAP ??

Thanks

4 REPLIES

Re: 802.1x *without* encryption. Is it possible ?

Interesting question ...

I wonder why you would want to do that ...?

I just checked and it does look like you can do 802.1x with a wep key of NONE.

You may want to give that a shot ...

Please rate the post if you find this helpful

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
Community Member

Re: 802.1x *without* encryption. Is it possible ?

Hi George,

Thats actually one of the first things I had tried, but it does not seem to work.

I repeated the test again, but this time with a sniffer running.

            I see the open auth/association go through, but it never proceeds to 802.1x (However this was with a all mixed cell flag on)

            Without that flag set, I dont see any packets from the client, except probe requests !!

On the controller, I was also running a debug aaa enable all, and dont see any activity, in both the above cases.

The moment I set the WEP key length from NONE to 104 bits, it works

I'll try with other clients, but I believe the result will be the same.

Also, this is just to get a better understanding of the behaviour of 802.1x.. Not for production.

Community Member

Re: 802.1x *without* encryption. Is it possible ?

On Windows, 802.1x is not possible unless WEP is enabled.

Hall of Fame Super Silver

Re: 802.1x *without* encryption. Is it possible ?

Not possible.... no encryption is having the ssid set to open or layer 2 security set to none.  802.1x usualy means some type of authentication to verify the user or device unless WEP is configured. Here is a link you might of seen already regarding different type s of authentication on the WLC:

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807f42e9.shtml#auth-8201

Scott

-Scott
*** Please rate helpful posts ***
574
Views
0
Helpful
4
Replies
CreatePlease to create content