Configuring LEAP

Chapter 3 Configuring EAP Types

During authentication, the access point acts as a transparent relay for the conversation between the client and the RADIUS server. The EAPOL header is removed from EAPOL packets that come from the client. The contents of the EAPOL packet are added as an EAP attribute to a RADIUS request packet and sent to the RADIUS server. For RADIUS packets from the server, the contents of the EAP attribute are added to an EAPOL packet and sent to the client. The access point never examines the contents of the EAP data.

When the client associates to an access point, the access point sends an EAP identity request to the client. The client responds with a username. The RADIUS server then formats a LEAP challenge EAP attribute. The client sends a LEAP challenge response back to the RADIUS server.

If the user is invalid, the RADIUS server sends a RADIUS access-deny message that contains an EAP failure attribute. If the user is valid, the server sends a RADIUS access-challenge packet with an EAP success attribute. The client responds with a LEAP challenge. The server responds with a RADIUS access-accept packet that contains an EAP attribute with the LEAP challenge response. This packet also contains a Cisco vendor-specific attribute that informs the access point of the value of the encryption key. The client verifies the challenge response. If the response is invalid, the client disassociates and attempts to find another access point.

802.11 supports the use of up to four encryption keys for the traffic between a client and its access point. The access point uses one of the key indices for the session key. This key has a different value for each connection between the client and the access point.

The session key is derived from the user password and the contents of the LEAP challenges and responses that go to and from the client. 802.11 encryption might be based on a 40-bit key or a 128-bit key. The key derivation routines provide a key that is longer than needed.
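
The relay behavior described at the start of this section (EAPOL header removed, EAP contents carried as a RADIUS EAP attribute, and the reverse for server packets) is shown below in Python. This is an added example, not code from Cisco or from this guide. The attribute numbers (EAP-Message 79, Message-Authenticator 80), the 253-byte split and the HMAC-MD5 integrity check are taken from RFC 3579 rather than from this page, and the other attributes a real Access-Request carries (such as User-Name) are left out.

```python
import hashlib, hmac, os, struct

EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 79, 80   # RADIUS attribute types (RFC 3579)

def eap_from_eapol(frame: bytes) -> bytes:
    """Client -> AP: drop the 4-byte EAPOL header, return the EAP packet untouched."""
    if len(frame) < 4:
        raise ValueError("truncated EAPOL header")
    _version, ptype, length = struct.unpack("!BBH", frame[:4])
    if ptype != 0 or len(frame) - 4 < length:      # type 0 = EAP-Packet
        raise ValueError("not a complete EAPOL EAP-Packet frame")
    return frame[4:4 + length]

def eapol_from_eap(eap: bytes, version: int = 1) -> bytes:
    """AP -> client: wrap an EAP packet from the server in an EAPOL header."""
    return struct.pack("!BBH", version, 0, len(eap)) + eap

def _mac(packet: bytes, secret: bytes, req_auth: bytes, mac_off: int) -> bytes:
    """HMAC-MD5 over the packet with req_auth in place and the MAC field zeroed."""
    msg = packet[:4] + req_auth + packet[20:mac_off] + bytes(16) + packet[mac_off + 16:]
    return hmac.new(secret, msg, hashlib.md5).digest()

def radius_from_eap(eap: bytes, secret: bytes, ident: int, req_auth: bytes = b"") -> bytes:
    """AP -> server: Access-Request carrying the EAP packet as EAP-Message attributes."""
    req_auth = req_auth or os.urandom(16)
    attrs = b"".join(bytes([EAP_MESSAGE, len(eap[i:i + 253]) + 2]) + eap[i:i + 253]
                     for i in range(0, len(eap), 253))   # 253-byte value limit
    attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    packet = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs
    return packet[:-16] + _mac(packet, secret, req_auth, len(packet) - 16)

def eap_from_radius(packet: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Server -> AP: verify Message-Authenticator, then reassemble the EAP packet."""
    length = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length")
    eap, verified, off = b"", False, 20
    while off + 2 <= length:
        atype, alen = packet[off], packet[off + 1]
        if alen < 2 or off + alen > length:
            raise ValueError("malformed attribute")
        if atype == EAP_MESSAGE:
            eap += packet[off + 2:off + alen]       # EAP bytes are never inspected
        elif atype == MESSAGE_AUTHENTICATOR and alen == 18:
            expected = _mac(packet[:length], secret, req_auth, off + 2)
            verified = hmac.compare_digest(expected, packet[off + 2:off + 18])
        off += alen
    if not verified:
        raise ValueError("missing or invalid Message-Authenticator")
    return eap
```

The integrity check protects the relayed EAP bytes between the access point and the RADIUS server only; it does not change what the client and server exchange inside the EAP data.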

Configuring LEAP

This section explains how to configure LEAP module settings. The following topics are covered in this section:

Accessing LEAP Properties for Configuration, page 3-18

Configuring LEAP Settings in the Network Credentials Tab, page 3-19

Finding the Version of the LEAP Module, page 3-21

Accessing LEAP Properties for Configuration

To access the LEAP Properties window, perform the following steps:

Step 1 Click the Start button on the lower-left corner of the desktop.

Step 2 From the right pane, right-click Network.

Step 3 Select Properties.

Step 4 From the left pane, select Manage Wireless Networks.

Step 5 Double-click the wireless network.

Step 6 From the Wireless Network properties window, select the Security tab (see Figure 3-1).

 

Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide for Windows Vista

3-18

OL-16534-01
