Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

LEAP Security

Dear Everyone

I work for a company with about 300 wireless users and 15 access points installed.

Currently I use LEAP authentication as security, which authorizes by username and

password, and thereafter it checks if MAC address is recorded in access list in

RADIUS , and then it establishes a connection.

My question is, is there any other method of AAA in order to increase security ? ,

on WiAPs, on RADIUS or in any other place.

Let's discuss this, and see if I use good AAA for network to be invulnerable as is available

2 REPLIES
Silver

Re: LEAP Security

LEAP is succeptable to dictionary attacks , but PEAP or EAP-TLS which are certificate based authentication types will be good.If ease of implementation is what you want then LEAP can be used

Re: LEAP Security

More on the PEAP and EAP-TLS. With PEAP, the certificate is only on the AAA server, you can do some validation so long as the client has a trust of the ROOT CA that issued the PEAP certificate. In EAP-TLS, the certificate is on the client as well as the AAA server. There are pros and cons to both, and I would recommend reading up on them.

Application Note for PEAP:

http://www.cisco.com/en/US/partner/products/hw/wireless/ps430/products_technical_reference_chapter09186a008025d6ee.html

EAP-TLS Deployment Guide:

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2086/products_white_paper09186a008009256b.shtml

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
268
Views
0
Helpful
2
Replies