Cisco Aironet Wireless LAN Client Adapters

Software: Protected Extensible Authentication Protocol Support

Product Bulletin No. 1942


Software: Cisco Wireless Security Suite for Cisco Aironet Products Now Includes Protected Extensible Authentication Protocol Support

Cisco Systems announces the expansion of the Cisco Wireless Security Suite to include Protected Extensible Authentication Protocol (PEAP) support for Cisco Aironet® wireless LAN client adapters.

PEAP is a new Extensible Authentication Protocol (EAP) IEEE 802.1X authentication type designed to take advantage of server-side EAP-Transport Layer Security (EAP-TLS) and to support various authentication methods, including logon passwords and one-time passwords (OTPs). Several 802.1X authentication types exist, each providing a different approach to authentication while relying on the same framework and protocol—EAP—for communication between a client and an access point.

With 802.1X authentication, mutual authentication is implemented between the client and a Remote Authentication Dial-In User Service (RADIUS) server connected to the access point. The credentials used for authentication, such as a logon password, are never transmitted without encryption over the wireless medium. Most 802.1X types support dynamic per-user, per-session Wired Equivalent Privacy (WEP) keys to remove the administrative burden and security issues surrounding static WEP keys.

With the Cisco Wireless Security Suite, an 802.1X-based enterprise-class security solution, customers may choose from a variety of 802.1X EAP authentication types—including LEAP, EAP-TLS, and PEAP—to secure their wireless LANs (WLAN).

LEAP—Server and client authentication via a user-supplied logon password. Supported on all current versions of Windows, Windows CE, Mac OS, Linux, and MS-DOS.

EAP-TLS—Server and client authentication via digital certificates. Supported on Windows XP.

PEAP—Server authentication via a digital certificate; client authentication via a user-supplied password or OTP. Supported on Windows XP.

PEAP supports a variety of user databases, including Windows NT or 2000 domains, Lightweight Directory Access Protocol (LDAP) databases, Novell Directory Services (NDS), and OTP databases. RADIUS servers that support PEAP authentication include Cisco Secure Access Control Server (ACS) version 3.1 or greater.

PEAP is based on an Internet Draft (I-D) submitted to the Internet Engineering Task Force (IETF) by Cisco Systems, Microsoft, and RSA Security. Glen Zorn, a Cisco innovator, was the Cisco Systems lead engineer and coauthor of this I-D.

Installation Information:

To enable PEAP on a client machine, users must install the Cisco Aironet Client Utility version 5.05.001, connect to a Cisco Aironet Access Point running version 11.23T or later, and be authenticated by a Cisco Secure ACS Version 3.1 or greater.

PEAP client software from Cisco is complementary to PEAP client software from Microsoft. Users may choose to install either of these PEAP implementations on their client machines.

Download the New Software for this Release:

Cisco Aironet Client Utility version 5.05.001:

ACUv505001.exe

ACUv505001ReleaseNotes.pdf

Related Information:

Cisco Aironet and Cisco Secure Access Control Server Security Implementations for the Cisco Wireless Security Suite

Cisco Aironet 1200 Series

A Comprehensive Review of 802.11 Wireless LAN Security and the Cisco Wireless Security Suite (See PEAP Section 8.3)

Cisco Aironet Wireless LAN Security Overview

Wireless LAN Security Web site

EAP-TLS for Wireless LAN Networks

Cisco Secure Access Control Server (ACS)

PEAP Internet Draft submitted to IETF—Please visit the IETF I-D Individual Submissions Web site and search for "Protected EAP Protocol (PEAP)".