EAP vs. LEAP


I put out some wrong information in an earlier post about
Cisco's "proprietary" implementation (LEAP) of EAP. Since I don't
like "disinformation", I posted below the explanation of the difference
between the two.
(courtesy Cisco DOCS!)

Also, EAP-TLS (Microsoft) is an extension of the EAP standard to utilize
mutual authentication using certificates (i.e. smartcards) while also doing
the EAP portion of creating session keys, and passing them through SSL (TLS).
------------------------------------------------------------------------

EAP and LEAP

EAP is an optional IEEE 802.1x security feature that is ideal for
organizations with a large user base and access to an EAP-enabled Remote
Authentication Dial-In User Service (RADIUS) server, such as Cisco Secure
ACS 2.6. The RADIUS server uses EAP to provide server-based authentication
for clients.

Server-based authentication can be enabled for your client adapter in one
of two ways:

     - Through a host device and code built into its operating system
       (referred to as EAP)

     - Through your client adapter's firmware and Cisco software (referred
       to as LEAP)

       This method provides authentication service to client adapters whose
       host devices are not running an operating system with built-in EAP
       support. The term LEAP is used to distinguish authentication provided
       by the client firmware from authentication provided by a host and its
       operating system.

For Windows 95, 98, NT, 2000, or Me or future Windows operating systems,
the Aironet Client Utility setup program, which installs the client
utilities, is used to enable LEAP or EAP. After LEAP or EAP is enabled and
the computer is rebooted, the client adapter authenticates to the RADIUS
server using the username and password entered by the user at the network
logon. See the "Installing the Client Utilities and Enabling LEAP or EAP"
section for instructions on using the Aironet Client Utility setup program
to enable LEAP or EAP.

For Windows CE, Linux, and MacOS 9.x, LEAP is enabled through a particular
screen in the client utilities. The username and password entered in this
screen are used by the client adapter to authenticate to the RADIUS server.
In Windows CE, you do not need to re-enter your username and password after
your device is rebooted or your client adapter is ejected. In Linux and
MacOS 9.x, the username and password need to be re-entered at the start
of each new session. See the Cisco Aironet Wireless LAN Adapters Software
Configuration Guide for instructions on enabling LEAP through the client
utilities.

When you enable EAP on your Access Points and LEAP or EAP on your client
adapter, authentication to the network occurs in the following sequence:

     1. The client adapter uses the username and password to start the
        authentication process.

     2. The Access Point communicates with the EAP-compliant RADIUS server
        to authenticate the username and password.

     3. If the username and password are valid, the RADIUS server and the
        client adapter negotiate a dynamic, session-based WEP key. The key,
        which is unique for the authenticated client, provides the client
        with secure network access.

     4. The client and Access Point use the WEP key for all data
        transmissions during the session.
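The four-step sequence above, modelled as an added example (not Cisco's code and not the real LEAP or EAP-TLS method): the access point only relays between the client adapter and the RADIUS server, the server validates the credentials, and both ends come out holding the same per-session key while the password itself is never sent. The challenge/response and key derivation are constructed HMAC stand-ins; user records and names are assumed.

```python
"""Simplified model of the client -> access point -> RADIUS sequence.
Constructed illustration only; the challenge/response and key derivation
stand in for the real LEAP/EAP method and are not Cisco's algorithm."""
import hashlib
import hmac
import secrets

def _respond(password: str, challenge: bytes) -> bytes:
    """Stand-in challenge/response: proves knowledge of the password without sending it."""
    return hmac.new(password.encode(), challenge, hashlib.sha256).digest()

def _session_key(password: str, challenge: bytes) -> bytes:
    """Stand-in key derivation: 13 bytes, the length of a 104-bit WEP key."""
    return hmac.new(password.encode(), b"session-key" + challenge, hashlib.sha256).digest()[:13]

class RadiusServer:
    """Holds the (constructed) user database; only the server ever sees the password."""
    def __init__(self, users: dict):
        self._users = dict(users)

    def access_request(self, username: str, challenge: bytes, response: bytes):
        """Step 2: verify the response; on success return the session key (step 3)."""
        password = self._users.get(username)
        if password is None or not hmac.compare_digest(_respond(password, challenge), response):
            return None
        return _session_key(password, challenge)

class ClientAdapter:
    def __init__(self, username: str, password: str):
        self.username, self._password, self.session_key = username, password, None

    def answer(self, challenge: bytes) -> bytes:
        return _respond(self._password, challenge)                   # step 1

    def derive_key(self, challenge: bytes) -> None:
        self.session_key = _session_key(self._password, challenge)  # step 3, client side

class AccessPoint:
    """Relays between client and RADIUS; it never learns the password."""
    def __init__(self, radius: RadiusServer):
        self.radius, self.sessions = radius, {}

    def authenticate(self, client: ClientAdapter) -> bool:
        challenge = secrets.token_bytes(16)                          # fresh for every session
        response = client.answer(challenge)                          # step 1
        key = self.radius.access_request(client.username, challenge, response)  # step 2
        if key is None:
            return False
        client.derive_key(challenge)                                 # step 3: both ends hold the key
        self.sessions[client.username] = key                         # step 4: key for this session's data
        return True
```

Running it twice for the same user yields two different session keys, and a wrong password is rejected by the server without the access point ever seeing either password.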