Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACS and LEAP Authentication Is this Dynamic WEP ??

I am a bit confused reading through the relese notes on this subject. I am using 11.21 code and setting up my "NON Root" Bridge as a LEAP client.

This works fine.

I do not have any WEP keys entered in either device. If I do enter a WEP key, I can only seem to enter it on the ROOT side.

My question is, Can I setup WEP while using LEAP? How secure is the traffic between the bridges with just LEAP? Is this encrypted? Is there a dynamic WEP key being issiued ?

Any direction here would be greatly appreciated.

thanks

-pat

6 REPLIES
Silver

Re: ACS and LEAP Authentication Is this Dynamic WEP ??

This case study under “Security Standards—LEAP Solution” might help you understand dynamic WEP used in LEAP authentication.

New Member

Re: ACS and LEAP Authentication Is this Dynamic WEP ??

Thanks for the reply. Where can I this case study?

-pat

Silver

Re: ACS and LEAP Authentication Is this Dynamic WEP ??

Cisco Employee

Re: ACS and LEAP Authentication Is this Dynamic WEP ??

LEAP provides a superset of the functionality that is provided in WEP - if you use LEAP you do not need to define a static WEP key.

By setting the non-root bridge as a LEAP client all the communications between the root and non-root bridge will use a dynamic WEP key.

Other features available with Ciscos WEP implementation (static WEP or LEAP) are;

-- You can WEP key rotation on the RADIUS server to make sure the key is changed periodically - this will prevent IV reuse due to cycling through all the IVs.

-- Turn on the TKIP features and you will prevent Airsnort style tools from being able to exploit the FMS attack on weak IVs to recover your WEP key.

-- Enable MIC to prevent the "bit-flipping" attacks that have been publicized.

New Member

Re: ACS and LEAP Authentication Is this Dynamic WEP ??

Thanks very much for this great info.

-pat

New Member

Re: ACS and LEAP Authentication Is this Dynamic WEP ??

Can you have LEAP and static WEP clients at the same time?

I would like to have all users use LEAP if possible, but occasionally there are some users from an overseas office that want to connect with a static WEP key (128bit). Is this possible?

Thanks,

Arne

234
Views
0
Helpful
6
Replies