I'm having a problem understanding how LEAP works and, I guess, any 802.1X authentication protocol. I thought that with LEAP, along with PEAP, EAP-TLS, etc., after authentication takes place, the client and RADIUS server agree on the dynamic WEP key. In actually configuring LEAP on the AP (1200), however, I noticed you have to manually set the WEP key. However, on the client, I didn't have to set any WEP key or anything for it to authenticate to the AP using LEAP. Everything is working fine and the client successfully authenticates to the AP. My question is, though, why do you specifically have to manually enter a WEP key on the AP if the client and server dynamically create one? What is the purpose of the manual key? I thought that the key configured on the AP might be the GROUP key for broadcasts and multicasts, but it seems like this would defeat the whole point of the dynamic keys and the information being secure. Could someone clarify this and tell me the reasoning for the manual key having to be entered on the AP?
Actually, the key you are referring to is not the session key used for encrypting data traffic. This key is actually used to encrypt the username/password sent in clear text from the client to the ACS server. Once the client is authenticated with this username/password, this WEP key will no longer be used and the dynamically generated WEP key will be used.
Here is a document explaining LEAP authentication without a WEP key but with a shared secret key, which is always a must.