cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
303
Views
0
Helpful
2
Replies

Wireless authentication - Allow PEAP, but not LEAP?

tmoffett
Cisco Employee
Cisco Employee

Hi,

Consider the following SWAN environment:

Aironet 1200 IOS APs, with a reasonably current version.

Cisco ACS for windows.

Cisco Wireless cards - some as old as 350s.

* LEAP authentication for WDS.

* PEAP authentication for WLAN clients.

where WDS LEAP authentication is performed by ACS for windows and PEAP is also there a way to only allow

2 Replies 2

mchin345
Level 6
Level 6

Try doing the following.

go to the 'Leap' section under System Configuration > Global Authentication Setup and uncheck the 'Allow LEAP (For Aironet only)' option . By doing this you are denying Leap Authentication happening on the ACS Server.

Also, note that Leap and Peap authentication can only be enabled or disabled globally on the ACS server and group or device specific authentication is not possible.

I know how to disable it. That is the problem. If I do disable LEAP globally, then LEAP authentication will not work for WDS. Therein lies my problem.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: