Eap-Cisco Wireless Or Leap - Cisco AIR-PCM340 Installation And Configuration Manual

Chapter 4 Security Features
A Cisco Aironet client adapter running on the Mac OS operating system supports the following 802.1X
authentication type:
•

EAP-Cisco Wireless or LEAP

Support for EAP-Cisco Wireless or LEAP is provided in a Cisco Aironet client adapter's firmware and
the Cisco software that supports it. The RADIUS servers that support LEAP include Cisco Secure ACS
version 2.6 and above and Cisco Access Registrar version 1.7 and above.
LEAP is enabled or disabled using the client utility. When LEAP is enabled, the client adapter uses your
LEAP username and password to perform mutual authentication with the RADIUS server through the
access point. The username and password are stored in the client adapter's volatile memory; therefore,
they are temporary and need to be re-entered whenever the radio is turned off, the client adapter is
removed, or the Macintosh is powered down.
In Mac OS 9.x, when your computer is rebooted, a pop-up message appears to inform you that you
Note
must use the client utility to enter your LEAP username and password.
In Mac OS X, when your computer is rebooted, the Wireless Network Login screen appears and
Note
prompts you to enter your LEAP username and password.
When you enable Network-EAP on your access point and LEAP on your client adapter, authentication
to the network occurs in the following sequence:
a.
Note
b.
c.
d.
e.
Refer to the IEEE 802.11 Standard for more information on 802.1X authentication and to the
Note
following URL for additional information on RADIUS servers:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secur_c/scprt2/scrad.htm
OL-1377-01
EAP-Cisco Wireless (or LEAP)
The client adapter associates to an access point and begins the authentication process.
The client adapter does not gain access to the network until the mutual authentication with
the authentication server is successful.
Communicating through the access point, the client adapter and the authentication server complete
a mutual authentication process, with the password being the shared secret for authentication. The
password is never transmitted during the process.
If mutual authentication is successful, the client adapter and the authentication server derive a
dynamic, session-based WEP key that is unique.
The authentication server transmits the key to the access point using a secure channel on the wired
LAN.
For the length of a session, or a time period, the access point and the client adapter use this key to
encrypt or decrypt all unicast packets that travel between them.
Cisco Aironet Wireless LAN Adapters Installation and Configuration Guide for Mac OS
Overview of Security Features
4-3