1. Home
  2. Cisco Systems
  3. LEAP authentication and RSN

LEAP authentication and RSN

Hello, Anyone know how an 802.11 station is supposed to know that a Cisco Aironet 1200 access point requires LEAP authentication? I would expect it would pick up on RSN information elements in beacons along with the required LEAP type in an EAPOL packet, but my AP doesn't seem to put RSN data in the beacons (verified with a sniffer) no matter how I configure it.

I'm not sure if this is a simple misconfiguration of the access point or just my misunderstanding of the protocol. It doesn't seem to be mentioned in the LEAP spec (CCX v1). What makes a station think "I'll try using LEAP", or is it supposed to just guess?

Thanks is advance, Paul.

Reply to
paulyb
Loading thread data ...

It's not up to the AP to tell the supplicant which EAP flavor to use, it's up to the RADIUS server to negotiate this with the supplicant. This is done via an EAP Request frame of an Authentication Protocol type. See fig. 7.3 in

formatting link
.

One way to watch the EAP negotiations is to turn on Ethernet-II layer packet capture on the PC's wireless adapter. E.g. run Wireshark in nonpromiscuous mode.

Aaron

Reply to
Aaron Leonard

Yes, I understand the EAP type is negotiated in step 3 of the 802.11 spec, section 8.1.3: About the the station ... "

1) It identifies the AP as RSNA-capable from the AP's Beacon or Probe Response frames. 2) It shall invoke Open System authentication. 3) It negotiates cipher suites during the association process, as described in 8.4.2 and 8.4.3. " My question was more about step 1, given that I've switched Network-EAP on and the Aironet 1200 isn't putting out the IEs (recent firmware v:12.3.8-JA2). The LEAP spec is probably pre-all this lot, so also doesn't mention it at all.

That you for the article reference. It is very relevant to me at the moment. Some weekend reading :) Regards, Paul.

Aar> It's not up to the AP to tell the supplicant which EAP flavor to use,

formatting link
.

Reply to
paulyb

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.