Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PEAP-MSCHAPv2

Hi,

I'm still today a bit confused around the PEAP authentication, WEP encryption, etc.

How does it work if we want to work with Dynamic WEP keys? to avoid that user's need to know an extensive WepKey? is it less secure then working with Fixed WEP keys?

Jorge

5 REPLIES
Hall of Fame Super Blue

Re: PEAP-MSCHAPv2

Hi Jorge

When you use PEAP authentication once you have authenticated via the radius server a dynamic key is then generated by the Radius server and handed back to the client. This key is then renewed after a certain period of time which is configurable by you.

This is much more secure than using a fixed key as the key will keep changing in addition to which it is a lot easier to manage ie. if your fixed key was compromised you would need to change it manually on the client computer.

HTH

Jon

New Member

Re: PEAP-MSCHAPv2

How should it then be configured on the AP ?

Do I need to mention an WEP key there?

encryption vlan 150 key 1 size 128bit 7 B5429C53514B971BC3FCC06333D transmit-key

encryption vlan 150 mode wep mandatory

Hall of Fame Super Blue

Re: PEAP-MSCHAPv2

Jorge

No, with dynamic keys you should never have to type in a WEP key as this will be generated automatically for you.

What AP and which version of software are you using.

Jon

New Member

Re: PEAP-MSCHAPv2

is an AIR-AP1231G-E-K9

with ios 12.3(8)JEB

What should I insert then in the AP? to tell him it should be Dynamic WEP?

Jorge

Hall of Fame Super Blue

Re: PEAP-MSCHAPv2

Jorge

Attached is a link to configuring WEP keys for the AP1230 with your version of IOS. The first pafrt is about configuring static WEP keys which you don't want. The second "Enabling Cipher Suites and WEP" is the one you are interested in.

http://www.cisco.com/en/US/docs/wireless/access_point/12.3_8_JA/configuration/guide/s38wep.html#wp1036363

HTH

Jon

384
Views
0
Helpful
5
Replies