LEAP Bypass

Nov 30,2009 by alperen


IEEE 802.1X is a standard for authentication on wired and wireless networks that gives wireless LANs strong mutual authentication between clients and authentication servers. 802.1X provides dynamic per-user, per-session Wired Equivalent Privacy (WEP) keys, thereby removing the administrative overhead and security concerns associated with static WEP keys.

Lightweight Extensible Authentication Protocol (LEAP) is Cisco Systems' 802.1X wireless authentication technology; it implements mutual authentication between a wireless client and a RADIUS server. The authentication credentials, including the password, are always encrypted before they are transmitted over the wireless medium.

LEAP Bypass allows LEAP packets from devices behind a VPN 3002 to travel across the VPN tunnel before individual user authentication has taken place. Wireless workstations that connect through an access point can therefore complete LEAP authentication first and then, if individual user authentication is enabled, authenticate a second time as individual users.

Without this feature, LEAP users behind a VPN 3002 are caught in a Catch-22. They cannot authenticate on the wireless network because they cannot use the VPN tunnel to reach the RADIUS server, and they cannot use the VPN tunnel because they have not yet authenticated on the wireless network.

The VPN Concentrator administrator enables LEAP Bypass on a per-group basis at the central site, using a check box on the HW Client tab of the Group configuration page. The LEAP packets travel over the tunnel to a RADIUS server on port 1645 or 1812.

LEAP Bypass functions properly only if the following conditions are met:

  • Interactive unit authentication must be disabled; otherwise, a non-LEAP (wired) device would have to authenticate the VPN 3002 before any LEAP device could connect through the tunnel.

  • Individual user authentication must be enabled; otherwise, LEAP Bypass is not needed.

  • The VPN 3002 can be in either Client mode or Network Extension mode.

  • The wireless access points must be Cisco Aironet Access Points.

  • The Cisco Aironet Access Point must be running Cisco Discovery Protocol (CDP).

  • The wireless NICs in the PCs can be from other manufacturers.

While LEAP and LEAP Bypass are sound technologies, allowing any unauthenticated traffic to traverse the secure tunnel always carries some security risk: until individual user authentication completes, the only traffic that should be crossing the tunnel from behind the VPN 3002 is the LEAP exchange with the RADIUS server.
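The two checks a VPN 3002 administrator would want from the text above, as an added example that is not part of the original article or of Cisco's software: a prerequisite check for the LEAP Bypass conditions listed earlier, and an audit that flags any pre-authentication tunnel flow that is not RADIUS on port 1645 or 1812. The `GroupConfig` fields, the flow-record format and the sample flows are constructed for this example.

```python
from dataclasses import dataclass

# RADIUS authentication ports named in the article for LEAP traffic.
RADIUS_AUTH_PORTS = {1645, 1812}


@dataclass
class GroupConfig:
    """Hypothetical model of the VPN 3002 group settings the article discusses."""
    leap_bypass: bool             # check box on the HW Client tab
    interactive_unit_auth: bool   # must be disabled for LEAP Bypass
    individual_user_auth: bool    # must be enabled, or LEAP Bypass is pointless
    ap_is_cisco_aironet: bool     # access points must be Cisco Aironet
    ap_cdp_enabled: bool          # and must be running CDP


def bypass_prerequisite_problems(cfg: GroupConfig) -> list:
    """Return the conditions from the article that this group configuration violates."""
    problems = []
    if not cfg.leap_bypass:
        problems.append("LEAP Bypass is not enabled on the group's HW Client tab")
    if cfg.interactive_unit_auth:
        problems.append("interactive unit authentication must be disabled")
    if not cfg.individual_user_auth:
        problems.append("individual user authentication must be enabled")
    if not cfg.ap_is_cisco_aironet:
        problems.append("access points must be Cisco Aironet")
    if not cfg.ap_cdp_enabled:
        problems.append("Cisco Aironet access point must run CDP")
    return problems


def pre_auth_flow_allowed(proto: str, dport: int, user_authenticated: bool) -> bool:
    """Before individual user auth, only RADIUS (UDP 1645/1812) should cross the tunnel."""
    if user_authenticated:
        return True
    return proto == "udp" and dport in RADIUS_AUTH_PORTS


def audit_flows(flows: list) -> list:
    """Return tunnel flows that crossed before user auth and are not RADIUS: the risk the text warns about."""
    return [f for f in flows if not pre_auth_flow_allowed(f["proto"], f["dport"], f["user_auth"])]


# Constructed sample flow records as a tunnel log might summarise them.
SAMPLE_FLOWS = [
    {"src": "10.10.1.20", "proto": "udp", "dport": 1812, "user_auth": False},  # LEAP to RADIUS: expected
    {"src": "10.10.1.20", "proto": "udp", "dport": 1645, "user_auth": False},  # LEAP to RADIUS: expected
    {"src": "10.10.1.31", "proto": "tcp", "dport": 445,  "user_auth": False},  # non-RADIUS before user auth: flag
    {"src": "10.10.1.20", "proto": "tcp", "dport": 80,   "user_auth": True},   # after user auth: fine
]
```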
