04-05-2002 12:20 PM - edited 07-04-2021 11:04 PM
I have both MIC and TKIP enabled and working fine with my Cisco 350 AP's and Clients. (All new cisco gear). Both are at the latest versions of software and firmware.
I wish to use LEAP with an ACS server.
Do I need to turn off TKIP when I go with LEAP?
The cisco doc's say this is redundant, but you can run TKIP and LEAP at the same time. I called TAC to get some advise and they said I must turn off TKIP if I start running LEAP. But the Cisco online seminar I just sat for said leave all three running for added protection.
Any thoughts on this? I'm confused.
04-16-2002 07:00 AM
TKIP is independent of LEAP. It will work with static WEP keys, LEAP, EAP-TLS environments.
04-30-2002 08:06 AM
TKIP and LEAP function together very well and, in fact, Cisco recommends running both.
TKIP is an adaptation of RSA's fast packet keying proposal in which the WEP key is hashed using the IV. Since the IV changes (randomly on Cisco AP's) for every packet, each packet will have a unique WEP key.
Coupling that with LEAP, which provides WEP key rotation on a timed interval or whenever a user reauthenticates, will mitigate any known attacks on WEP.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide