Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Can TKIP and LEAP work together

I have both MIC and TKIP enabled and working fine with my Cisco 350 AP's and Clients. (All new cisco gear). Both are at the latest versions of software and firmware.

I wish to use LEAP with an ACS server.

Do I need to turn off TKIP when I go with LEAP?

The cisco doc's say this is redundant, but you can run TKIP and LEAP at the same time. I called TAC to get some advise and they said I must turn off TKIP if I start running LEAP. But the Cisco online seminar I just sat for said leave all three running for added protection.

Any thoughts on this? I'm confused.

New Member

Re: Can TKIP and LEAP work together

TKIP is independent of LEAP. It will work with static WEP keys, LEAP, EAP-TLS environments.

New Member

Re: Can TKIP and LEAP work together

TKIP and LEAP function together very well and, in fact, Cisco recommends running both.

TKIP is an adaptation of RSA's fast packet keying proposal in which the WEP key is hashed using the IV. Since the IV changes (randomly on Cisco AP's) for every packet, each packet will have a unique WEP key.

Coupling that with LEAP, which provides WEP key rotation on a timed interval or whenever a user reauthenticates, will mitigate any known attacks on WEP.

CreatePlease to create content