Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Dynamic WEP-keys or WPA with PEAP? risks etc

Hello!

We are bound to deploy a large WLAN at a school here, both for student and employee acess. We have a wired system based on 802.1x and PEAP so we are going to keep PEAP for the WLAN as authentication mechanism.

The AP's will probably be 1230 and a complete mixture of client-adapters (especially from students), we can rule wich adapters the employees are "permitted" to use.

Now to the encryption-issue... As we see it it is the WPA-concept OR dynamic WEP-keys(fast aging of both broadcast and session-keys). What are the pro's and con's here? Considering security and access?(students with adapters that don't support WPA) One option is of course to force users to user WPA-only adapters.

How great is the "realistic" risk of unauthorized access with dynamic wep-keys vs WPA? Is there any documented methods on breaking "5 mins alive"WEP-keys?

I dont think you can run both WPA and WEP in the AP and differentiate in wich SSID the client connects to?

/Fred - Sweden

2 REPLIES
Silver

Re: Dynamic WEP-keys or WPA with PEAP? risks etc

I think you can achieve this by using VLAN in Access Points. To know more go through the following document,

http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml

New Member

Re: Dynamic WEP-keys or WPA with PEAP? risks etc

There is a good argument to go WPA vs dynamic wep, but as you seem to alude to, you know that WPA is as prevalent as it's supposed to be (what happend to Aug 2003? ).

Anyway, dynamic WEP, rotated frequently enough, will provide you adequate encryption of the air waves, if you combine it with PEAP for user authentication, imho.

292
Views
0
Helpful
2
Replies
CreatePlease to create content