Cisco Cisco MGX-FRSM-HS2 B Serial Frame Service Module Information Guide
© 2005 Cisco Systems, Inc. All rights reserved.
Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
Page 2 of 5
FEATURES AND BENEFITS
Q.
What are the security benefits of Cisco LEAP?
A.
Cisco LEAP overcomes the major limitations of 802.11 wireless security through extensible authentication support to other back-end
directories (Windows NT, Windows Active Directory, and Open Database Connectivity [ODBC]) or to Cisco LEAP proxy RADIUS servers such
as Cisco Secure Access Control Server (ACS) and Cisco Network Registrar
®
.
Q.
What are the enterprise benefits of Cisco LEAP?
A.
Cisco LEAP is a widely deployed, market-proven component of the Cisco Unified Wireless Network. It is available with numerous client
adapter types, including application-specific devices (ASDs), from Cisco, Cisco Compatible Extensions partners, and numerous client device and
network interface card (NIC) manufacturers. Cisco LEAP provides:
•
True single login with an existing user name and password using Windows NT/2000 Active Directory
•
Simplified, inexpensive deployment and administration for IT managers
•
Reliable, scalable, centralized security management
•
High-performance, upgradable enterprise-class security
•
Dynamic privacy protection when used in conjunction with Temporal Key Integrity Protocol (TKIP) or the Advanced Encryption Standard (AES)
DEPLOYMENT
Q.
How does Cisco LEAP authentication work?
A.
A wireless client needs to be authenticated by a RADIUS server, and can only transmit EAP traffic until it is authenticated. After end-
user login, mutual authentication between the client and the RADIUS server occurs. A dynamic encryption key is derived during this mutual
authentication at the client and the RADIUS server. The RADIUS server sends the dynamic encryption key to the access point via a secure channel.
After the access point receives the key, regular network traffic forwarding is enabled at the access point for the authenticated client. The credentials
used for authentication, such as a login password, are never transmitted over the wireless medium without encryption. Upon client logoff, the client
association entry in the access point returns to the nonauthenticated mode.
Q.
What client operating systems does Cisco LEAP support?
A.
Cisco LEAP supports numerous client operating systems, including Microsoft Windows, Mac OS, Linux, DOS, and Windows CE.
Q.
What RADIUS servers and user databases does Cisco LEAP support?
A.
Cisco LEAP supports the following RADIUS servers and user databases: Cisco Secure ACS, Cisco Network Registrar, Funk Odyssey Server,
Funk Steel-Belted, and products that use the Interlink Networks server code (such as LeapPoint appliances).
Q.
What Cisco wireless devices does Cisco LEAP support?
A.
Cisco LEAP supports several Cisco wireless products, including Cisco Aironet autonomous and lightweight access points, Cisco wireless
LAN controllers, workgroup bridges, wireless bridges, and repeaters, and many Cisco and Cisco Compatible WLAN client devices.
Q.
Is Cisco LEAP authentication available on wireless clients from vendors other than Cisco?
A.
Yes. Cisco LEAP authentication is available for
Cisco Compatible Extensions
products.
Q.
Where can I learn more about deploying Cisco LEAP?
A.
Please read the
Deployment Guide: Configuring the Cisco Wireless Security Suite
to learn more about deploying Cisco LEAP.