Document Number: OSUP1033
Product: Observer 8.1 or greater
Date: 3-28-2002
Title: Cisco's Use of EAP/LEAP in Wireless Communications
EAP and LEAP are described best in the following Cisco documentation:
Cisco has supported 802.1x authentication for 802.11 LANs since November 2000 with the introduction of the Lightweight Extensible Authentication Protocol (LEAP) algorithm. Cisco 802.1x/LEAP provides user-based, centralized authentication, as well as per-user wired equivalent privacy (WEP) session keys. Wireless LAN network administrators have been taking advantage of the simplified user and security administration that LEAP provides. Cisco support for 802.1x includes support for most EAP authentication types. With the introduction of Windows XP, Cisco supports the Transport Layer Security (TLS) EAP subtype, EAP-TLS, as well.
Typically, to use EAP/LEAP a site must also deploy a RADIUS server.
EAP/LEAP uses private keys to authenticate each user with the RADIUS server; after authentication, dynamic session keys encrypt the communication on a user-by-user basis, so no two users end up with the same keys.
Observer cannot decrypt the DATA frames from a site that has implemented EAP/LEAP. This does not mean Observer is not useful. On the contrary, because 802.11 management and control frames are never encrypted, wireless troubleshooting is not affected by the use of EAP/LEAP.
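To make the previous point concrete, here is an added example (not part of the original Network Instruments document) that classifies 802.11 frames by their Frame Control field and reports which ones an analyzer can still decode without the per-user LEAP session key. The sample frames are constructed and contain only the two Frame Control bytes.

```python
from dataclasses import dataclass

# 802.11 frame type values carried in bits 2-3 of Frame Control byte 0.
FRAME_TYPES = {0: "management", 1: "control", 2: "data"}
# Bit 6 of Frame Control byte 1 is the Protected (historically "WEP") flag.
PROTECTED_BIT = 0x40


@dataclass
class FrameClass:
    ftype: str      # "management", "control" or "data"
    subtype: int    # raw 4-bit subtype value
    protected: bool # True when the frame body is WEP-encrypted

    @property
    def analyzer_can_decode(self) -> bool:
        # Management and control frames are never encrypted, so an analyzer
        # without the session key decodes them fully. Data frames are only
        # decodable when the Protected flag is clear (e.g. before keying).
        return self.ftype != "data" or not self.protected


def classify(frame: bytes) -> FrameClass:
    """Classify an 802.11 frame from its 2-byte Frame Control field."""
    if len(frame) < 2:
        raise ValueError("frame shorter than the Frame Control field")
    fc0, fc1 = frame[0], frame[1]
    if fc0 & 0x03 != 0:
        raise ValueError("unsupported 802.11 protocol version")
    ftype = (fc0 >> 2) & 0x03
    if ftype not in FRAME_TYPES:
        raise ValueError("reserved frame type")
    subtype = (fc0 >> 4) & 0x0F
    return FrameClass(FRAME_TYPES[ftype], subtype, bool(fc1 & PROTECTED_BIT))


# Constructed sample frames: Frame Control bytes only, little-endian order.
SAMPLE_FRAMES = {
    "beacon (mgmt)": bytes([0x80, 0x00]),
    "authentication (mgmt)": bytes([0xB0, 0x00]),
    "ack (control)": bytes([0xD4, 0x00]),
    "data, LEAP session key": bytes([0x08, 0x41]),  # ToDS + Protected
    "data, cleartext": bytes([0x08, 0x01]),         # ToDS only
}


def summarize(frames: dict) -> dict:
    """Map each sample name to whether it is decodable without the key."""
    return {name: classify(fc).analyzer_can_decode for name, fc in frames.items()}


if __name__ == "__main__":
    for name, ok in summarize(SAMPLE_FRAMES).items():
        print(f"{name:26s} decodable without session key: {ok}")
```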
If an administrator wants to troubleshoot the actual data in a conversation, they should collect it on the wired side, where there is no encryption and all protocols will be decoded. Since Observer supports both wired topologies (i.e. Ethernet, Token Ring and FDDI) and wireless topologies, troubleshooting both sides of a conversation (wireless management and control frames AND full wired data) requires only one product.