LEAP
LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE
802.1x.
Dynamic WEP Key Exchange
The AP maps a unique key that is generated with the RADIUS server. This key expires when
the wireless connection times out, disconnects or reauthentication times out. A new WEP key
is generated each time reauthentication is performed.
If this feature is enabled, it is not necessary to configure a default encryption key in the
Wireless screen. You may still configure and store keys here, but they will not be used while
Dynamic WEP is enabled.
Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange
For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use
dynamic keys for data encryption. They are often deployed in corporate environments, but for
public deployment, a simple user name and password pair is more practical. The following
table is a comparison of the features of authentication types.
Table 109 Comparison of EAP Authentication Types
Mutual Authentication
Certificate – Client
Certificate – Server
Dynamic Key Exchange
Credential Integrity
Deployment Difficulty
Client Identity Protection
WPA and WPA2
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE
802.11i) is a wireless security standard that defines stronger encryption, authentication and
key management than WPA.
Key differences between WPA or WPA2 and WEP are improved data encryption and user
authentication.
Appendix D Wireless LANs
EAP-MD5
EAP-TLS
No
Yes
No
Yes
No
Yes
No
Yes
None
Strong
Easy
Hard
No
No
P-334U/P-335U User's Guide
EAP-TTLS
PEAP
Yes
Yes
Optional
Optional
Yes
Yes
Yes
Yes
Strong
Strong
Moderate
Moderate
Yes
Yes
LEAP
Yes
No
No
Yes
Moderate
Moderate
No
283