Dynamic Wep Keys With Leap - Cisco Aironet 340 Series Installation And Configuration Manual

Wireless LAN client adapters, Windows CE

Chapter 4
Enabling Security Features

Dynamic WEP Keys with LEAP

The new standard for wireless LAN security, as defined by the Institute of Electrical and Electronics
Engineers (IEEE), is called 802.1X for 802.11, or simply 802.1X. An access point that supports 802.1X
and its protocol, Extensible Authentication Protocol (EAP), acts as the interface between a wireless
client and an authentication server, such as a Remote Authentication Dial-In User Service (RADIUS)
server, to which the access point communicates over the wired network.

The 802.1X authentication type that is available on Windows CE devices is EAP-Cisco Wireless, or
LEAP. Support for LEAP is provided not in the Windows CE operating system but in your client
adapter's firmware and the Cisco software that supports it. RADIUS servers that support LEAP include
Cisco Secure ACS version 2.6 and greater, Cisco Access Registrar version 1.7 and greater, and Funk
Steel-Belted RADIUS version 3.0 and greater.

LEAP is enabled in ACU, and a LEAP username and password are entered in the Wireless Login Module
(WLM). The username and password are used by the client adapter to perform mutual authentication
with the RADIUS server through the access point. The LEAP username and password are stored in the
client adapter's volatile memory; therefore, they are temporary and need to be re-entered whenever
power is removed from the adapter, typically due to the client adapter being ejected or the system
powering down.

Note: Prior versions of the client software for Windows CE stored the LEAP username and password in the
client adapter's nonvolatile Flash memory, which was referred to as device-level LEAP. If a LEAP
username and password are stored in your client adapter's Flash memory from a prior release, WLM
version 2.10 or greater erases them before a new username and password are written to the adapter's
volatile memory, thereby disabling device-level LEAP.
When you enable Network-EAP on your access point and LEAP on your client adapter, authentication
to the network occurs in the following sequence:

1. The client adapter associates to an access point and begins the authentication process.
   Note: The client does not gain access to the network until mutual authentication between the
   client and the RADIUS server is successful.
2. Communicating through the access point, the client and RADIUS server complete a mutual
   authentication process, with the password being the shared secret for authentication. The password
   is never transmitted during the process.
3. If mutual authentication is successful, the client and RADIUS server derive a dynamic,
   session-based WEP key that is unique to the client.
4. The RADIUS server transmits the key to the access point using a secure channel on the wired LAN.
5. For the length of a session, or time period, the access point and the client use this key to encrypt or
   decrypt all unicast packets that travel between them.

Refer to the "Using LEAP" section on page 4-11 for instructions on enabling or disabling LEAP and
entering the LEAP username and password.

Note: Refer to the IEEE 802.11 Standard for more information on 802.1X authentication and to the
following URL for additional information on RADIUS servers:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secur_c/scprt2/scrad.htm

Cisco Aironet Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE, OL-1375-02, Overview of Security Features, page 4-3
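The five-step sequence above, modelled as an added example that is not part of the Cisco manual and is not Cisco's code. HMAC-SHA256 stands in for LEAP's actual challenge-response and key-derivation primitives, and the `Party` class, `authenticate` function, message layout, and 13-byte key length are assumptions made for illustration.

```python
import hashlib, hmac, os

def mac(secret: bytes, *parts: bytes) -> bytes:
    # Stand-in keyed hash; LEAP itself uses different primitives.
    return hmac.new(secret, b"|".join(parts), hashlib.sha256).digest()

class Party:
    """Client adapter or RADIUS server; each holds the user's password."""
    def __init__(self, username: str, password: str):
        self.username = username.encode()
        self.secret = hashlib.sha256(password.encode()).digest()

    def respond(self, role: bytes, challenge: bytes) -> bytes:
        # The role label stops a response being replayed in the other direction.
        return mac(self.secret, role, self.username, challenge)

    def verify(self, role: bytes, challenge: bytes, response: bytes) -> bool:
        return hmac.compare_digest(self.respond(role, challenge), response)

    def session_key(self, c1: bytes, c2: bytes) -> bytes:
        # 13 bytes is an assumed key length for this sketch.
        return mac(self.secret, b"session-key", c1, c2)[:13]

def authenticate(client: Party, server: Party):
    """Return (status, wire, client_key, ap_key); wire = bytes sent over the air."""
    wire = [client.username]                      # step 1: associate, start auth
    s_chal = os.urandom(8); wire.append(s_chal)   # step 2: server challenges client
    c_resp = client.respond(b"client", s_chal); wire.append(c_resp)
    if not server.verify(b"client", s_chal, c_resp):
        return "client-rejected", wire, None, None
    c_chal = os.urandom(8); wire.append(c_chal)   # step 2: client challenges server
    s_resp = server.respond(b"server", c_chal); wire.append(s_resp)
    if not client.verify(b"server", c_chal, s_resp):
        return "server-rejected", wire, None, None
    client_key = client.session_key(s_chal, c_chal)   # step 3: both sides derive
    ap_key = server.session_key(s_chal, c_chal)       # step 4: sent to AP on wired LAN
    return "ok", wire, client_key, ap_key             # step 5: key encrypts unicast

if __name__ == "__main__":
    user = Party("alice", "constructed-password")     # constructed sample credentials
    status, wire, ck, ak = authenticate(user, Party("alice", "constructed-password"))
    print(status, ck == ak, [m.hex() for m in wire[1:]])
```

Because both challenges are fresh per run, each successful session yields a different key, and a server that does not hold the password cannot produce a response the client accepts.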
