Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

WPA2 enterprise security, no authentication security type in WiFi profile

 

We currently have a Cisco environment in which we use radius, WPA2 enterprise, AES encryption using PEAP to authenticate using our AD credentials.  

We've noticed that we can configure our windows 7 client users to connect to the network in 2 ways.  One way is to define all of the WAP2 settings for authentication.  However, we can also connect to the wireless network if we set up our clients with the wifi profile using "no authentication (open)".  

My question is, does the authentication process auto negotiate using encryption when we set them to "no authentication"?  Is there a real big downfall for configuring the clients this way?

 

 

1 REPLY

If you have in fact

If you have in fact configured the SSID for WPA2 w/ AES-CCMP L2 encryption using 802.1x key management, then there is absolutely no way your client is connecting to "that" WLAN with explicitly defining NO Open L2 Authentication. There would have to be another AP out there that is broadcasting this same SSID with no authentication configured.

Generally, if you don't "explicitly" configure the client, it will "negotiate", however the client often may not trust the server-side certificate presented, or may be trying to deliver a certificate (smartcard or other certificate) rather than using a defined PEAP configuration.  If you do "explicitly" configure NO Authentication, then there is no way this client would connect to a WPA2/AES encrypted WLAN.

 

201
Views
0
Helpful
1
Replies
CreatePlease login to create content