EAP-TLS uses WEP ?

remco.gussen
Level 1

Why do you need to configure WEP as data encryption when using EAP-TLS ?

"Ensure that Data Encryption is set to WEP"

Can't you use WPA2 ?

Gr.

Remco

Accepted Solutions

Remco,

1. What do I have to do to configure EAP-TLS ??

In order to configure EAP-TLS the only configuration on the WLC is selection of 802.1x on the Layer 2 Security Screen.

2. Users must have a user certificate and the computers need a computer certificate. IAS Server needs a server certificate.

Your RADIUS server needs to have a certificate and this needs to be added on each client to the list of trusted certificates. There is no configuration required on the controller side for this.

3. I want to use WPA/WPA2 enterprise with AES encryption. In all the documents you can see that the client is configured with WEP.

By default, if you choose 802.1x on the Layer 2 security, WEP is used as the encryption. You have to understand these are two different things. One is encryption (TKIP/AES) and another is authentication (802.1x). So if you want to use WPA2 with EAP-TLS, you need to select WPA1+WPA2 as the Layer 2 Security and then, on the same screen under "Auth Key Mgmt", select 802.1x.

Let me know if this answers your question.

--

Pushkar


4 Replies

Scott Fella
Hall of Fame

What device do you have.... WPA or WPA2 is usually the choice... not WEP. Here is a link to EAP-TLS for a WLC.

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00807917a6.shtml#t19

-Scott
*** Please rate helpful posts ***

Remco,

If you want to use EAP-TLS as the authentication and WEP as the encryption, you need to set the following on a WLAN on the controller.

Under Security ---> Layer 2 in a WLAN, select "Layer 2 Security" as 802.1x and the "802.1X Parameters" to WEP with the key length you want. Your ACS server should be configured to do EAP-TLS. The client should also be configured appropriately.

--

Pushkar

What I want is this:

A secure wireless network (already did PEAP MS-CHAP v2, but want to try EAP-TLS).

What do I have to do to configure EAP-TLS ??

Users must have a user certificate and the computers need a computer certificate. IAS Server needs a server certificate.

I want to use WPA/WPA2 enterprise with AES encryption...

In all the documents you can see that the client is configured with WEP...

Regards

Remco
