3-18
Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide for Windows Vista
OL-16534-01
Chapter 3 Configuring EAP Types
Configuring LEAP
During authentication, the access point acts as a transparent relay for the conversation between the client
and the RADIUS server. The EAPOL header is removed from EAPOL packets that come from the client.
The contents of the EAPOL packet are added as an EAP attribute to a RADIUS request packet and sent
to the RADIUS server. RADIUS packets from the server have the EAP attribute contents added to an
EAPOL packet and sent to the client. The access point never examines the contents of the EAP data.
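The relay step described above, as an added example that is not part of the Cisco guide or of any Cisco code: the EAPOL header is stripped, the untouched EAP packet is carried in RADIUS attributes, and the reverse path rebuilds an EAPOL frame. The attribute names and numbers (EAP-Message 79, Message-Authenticator 80) come from RFC 3579, not from this page; the sample frame and shared secret are constructed.

```python
import hashlib
import hmac
import os
import struct

EAPOL_EAP_PACKET = 0             # EAPOL packet type that carries an EAP packet
RADIUS_ACCESS_REQUEST = 1
ATTR_EAP_MESSAGE = 79            # RFC 3579 (assumed mapping of the guide's "EAP attribute")
ATTR_MESSAGE_AUTHENTICATOR = 80  # RFC 3579, HMAC-MD5 over the whole packet

# Constructed sample: EAP-Response/Identity for user "alice" inside an EAPOL frame.
SAMPLE_EAP = struct.pack("!BBHB", 2, 1, 10, 1) + b"alice"
SAMPLE_EAPOL = struct.pack("!BBH", 1, EAPOL_EAP_PACKET, len(SAMPLE_EAP)) + SAMPLE_EAP

def strip_eapol(frame: bytes) -> bytes:
    """Remove the 4-byte EAPOL header; the EAP packet itself is never parsed."""
    if len(frame) < 4:
        raise ValueError("short EAPOL frame")
    _version, ptype, length = struct.unpack("!BBH", frame[:4])
    if ptype != EAPOL_EAP_PACKET or len(frame) < 4 + length:
        raise ValueError("not a complete EAPOL EAP-Packet")
    return frame[4:4 + length]

def eap_to_radius(eap: bytes, secret: bytes, ident: int) -> bytes:
    """Wrap an EAP packet in a RADIUS Access-Request as EAP-Message attributes."""
    attrs = b""
    for i in range(0, len(eap), 253):      # one attribute value holds at most 253 bytes
        chunk = eap[i:i + 253]
        attrs += bytes([ATTR_EAP_MESSAGE, len(chunk) + 2]) + chunk
    attrs += bytes([ATTR_MESSAGE_AUTHENTICATOR, 18]) + bytes(16)  # zeroed while hashing
    head = struct.pack("!BBH", RADIUS_ACCESS_REQUEST, ident, 20 + len(attrs)) + os.urandom(16)
    mac = hmac.new(secret, head + attrs, hashlib.md5).digest()
    return head + attrs[:-16] + mac

def radius_to_eapol(packet: bytes, version: int = 1) -> bytes:
    """Concatenate the EAP-Message attributes of a RADIUS packet into an EAPOL frame."""
    length = struct.unpack("!H", packet[2:4])[0]
    pos, eap = 20, b""                     # attributes start after the 20-byte header
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed RADIUS attribute")
        if atype == ATTR_EAP_MESSAGE:
            eap += packet[pos + 2:pos + alen]
        pos += alen
    return struct.pack("!BBH", version, EAPOL_EAP_PACKET, len(eap)) + eap
```

Feeding the output of `eap_to_radius` back through `radius_to_eapol` returns the original frame byte for byte, which is the "transparent relay" property the text describes.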
When the client associates to an access point, the access point sends an EAP identity request to the client.
The client responds with a username. The RADIUS server then formats a LEAP challenge EAP attribute.
The client sends a LEAP challenge response back to the RADIUS server.
If the user is invalid, the RADIUS server sends a RADIUS access-deny message that contains an EAP
failure attribute. If the user is valid, the server sends a RADIUS access-challenge packet with an EAP
success attribute. The client responds with a LEAP challenge. The server responds with a RADIUS
access-accept packet that contains an EAP attribute with the LEAP challenge response. This packet also
contains a Cisco vendor-specific attribute that informs the access point of the value of the encryption
key. The client verifies the challenge response. If the response is invalid, the client disassociates and
attempts to find another access point.
802.11 supports the use of up to four encryption keys for the traffic between a client and its access point.
The access point uses one of the key indices for the session key. This key has a different value for each
connection between the client and the access point.
The session key is derived from the user password and the contents of the LEAP challenges and
responses that go to and from the client. 802.11 encryption might be based on a 40-bit key or a 128-bit
key. The key derivation routines provide a key that is longer than needed.
Configuring LEAP
This section explains how to configure LEAP module settings. The following topics are covered in this
section:
• Accessing LEAP Properties for Configuration, page 3-18
• Configuring LEAP Settings in the Network Credentials Tab, page 3-19
• Finding the Version of the LEAP Module, page 3-21
Accessing LEAP Properties for Configuration
To access the LEAP Properties window, perform the following steps:
Step 1  Click the Start button on the lower-left corner of the desktop.
Step 2  From the right pane, right-click Network.
Step 3  Select Properties.
Step 4  From the left pane, select Manage Wireless Networks.
Step 5  Double-click the wireless network.
Step 6  From the Wireless Network properties window, select the Security tab (see Figure 3-1).