We've got about 120 Aironet 1100s in use. They're all configured for use with LEAP: "authentication network-eap eap_methods".
Since we're using all Aironet 352 PCMCIA cards, we don't have any problems.
Now we are in the negotiation phase for new handhelds using another brand of network cards (Intel), which do not cope well with LEAP. The supplier now claims that we have to reconfigure our APs with the following line, "authentication open eap eap_methods", to make it work. They're not able to put a Cisco card in their device, and it seems the only way to make things work.
As I understand it, "authentication open eap eap_methods" opens the gate for all kinds of EAP such as PEAP, EAP-TLS, EAP. So we are tearing down the security of our network by doing this. There's a lot of confusing information about this going around.
Are we facing a security issue here by changing our config in this way?
PEAP & EAP-TLS are considered more secure than LEAP. LEAP uses MSCHAP to transfer a hash of the password, which is vulnerable to dictionary attacks. PEAP & EAP-TLS transfer the auth info inside a TLS tunnel, which is fully secure. If you don't want to change your existing clients, I would recommend you create a new SSID for your new EAP type and bind it to a new VLAN. This will allow you to run LEAP and PEAP/EAP-TLS at the same time.
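One way to check, across a fleet of AP configs, that the split suggested in the reply above (one SSID per EAP type, each on its own VLAN) is actually in place. This is an added example, not part of the thread or Cisco's tooling. Only the two `authentication` lines come from the posts; the `dot11 ssid` block layout, SSID names and VLAN ids in the sample are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample (not from the thread); SSID names and VLAN ids are made up.
SAMPLE_CONFIG = """\
dot11 ssid LEGACY-LEAP
   vlan 10
   authentication network-eap eap_methods
dot11 ssid HANDHELD-PEAP
   vlan 20
   authentication open eap eap_methods
dot11 ssid MIXED
   vlan 10
   authentication open eap eap_methods
   authentication network-eap eap_methods
"""

def parse_ssids(config):
    """Map each SSID to its VLAN and the set of authentication modes it accepts."""
    ssids, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"(?:dot11 )?ssid (\S+)", line):
            current = ssids.setdefault(m.group(1), {"vlan": None, "auth": set()})
        elif not raw.startswith(" "):      # "!" or a new top-level command ends the block
            current = None
        elif current is not None:
            if m := re.fullmatch(r"vlan (\d+)", line):
                current["vlan"] = int(m.group(1))
            elif m := re.fullmatch(r"authentication (network-eap|open eap) \S+", line):
                current["auth"].add(m.group(1))
    return ssids

def audit(config):
    """Return sorted (subject, finding) pairs where the SSID/VLAN split is not kept."""
    ssids, findings, by_vlan = parse_ssids(config), [], defaultdict(list)
    for name, s in ssids.items():
        if len(s["auth"]) > 1:
            findings.append((name, "network-eap and open eap on the same SSID"))
        if s["vlan"] is None:
            findings.append((name, "no VLAN binding"))
        else:
            by_vlan[s["vlan"]].append(name)
    for vlan, names in by_vlan.items():    # SSIDs with differing auth sharing one VLAN
        if len({frozenset(ssids[n]["auth"]) for n in names}) > 1:
            findings.append((f"vlan {vlan}", "shared by SSIDs with different authentication: " + ", ".join(sorted(names))))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```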