Hi All,
I understand from readings that there are conditions when both network
and open EAP are to be offered. When there are legacy Cisco clients and
3rd party clients, usually both EAPs need to be enabled to support
various EAP authentication methods. Also, when a wireless link needs to
be established with a secure setup between 2 autonomous APs, you need
to enable network and open to allow the APs to be offered LEAP before
they choose the more secure configured option (e.g. EAP-FAST). However,
since having both EAPs works for every scenario, will I be penalised in
the lab if I enable both? Or are there EAP methods that can only work
with open EAP only? This is sparked from question 3.2 for SSID Test6
which from the DSG, I noticed both EAPs are offered for EAP-FAST while
the others only offer open EAP for PEAP. I do notice the CCKM
requirement which may infer that Cisco phones/devices are used by the
SSID, hence the need for network LEAP?

Another question regarding the same lab: when AES is offered, a key
management must be configured. This can be WPA or CCKM. What does the
WPA mean? Does it mean mixed WPAv1 and v2 or only v1? In the new IOS
for 1252, there is the choice for WPA, WPAv1 and WPAv2. For the 7921
(1.3.3 for mine), if AES is configured only WPA2 will be used
regardless of whether WPA is set as the key management or not. With
only CCKM (with or without WPA again), it still uses WPA2 AES without
CCKM (since my phone with 1.3.3 doesn't support WPA2 AES + CCKM).
However, if TKIP is set, with only CCKM set up (with or without WPA
actually), the 7921 will work in WPA TKIP + CCKM. This is confusing to
me as to whether WPA should be set with CCKM into the key management
when AES is required in the question.
Alvin B