PEAP is a new Extensible Authentication Protocol (EAP) IEEE 802.1x authentication type
designed to take advantage of server-side EAP-Transport Layer Security (EAP-TLS) and to
support various authentication methods, including user passwords, one-time passwords,
and Generic Token Cards.
Authentication Protocols
● Generic Token Card (GTC): Carries user-specific token cards for authentication. The
main feature in GTC is Digital Certificate/Token Card-based authentication. In
addition, GTC includes the ability to hide user name identities until the TLS encrypted
tunnel is established, which provides additional confidentiality because user names are
not broadcast during the authentication phase.
● MS-CHAP-V2: Refer to MS-CHAP-V2 above.
● TLS: The TLS protocol is intended to secure and authenticate communications across
a public network through data encryption. The TLS Handshake Protocol allows the
server and client to provide mutual authentication and to negotiate an encryption
algorithm and cryptographic keys before data is transmitted. Refer to
TLS above.
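The following is an added example, not taken from this guide or from any vendor utility. It audits a PEAP client profile for the two properties described above: the server side of the TLS tunnel is validated, and the real user name is not sent before the tunnel exists. It assumes the profile is written in wpa_supplicant network-block syntax; the sample profiles are constructed and the function names are hypothetical.

```python
import re

# Constructed sample profiles in wpa_supplicant network-block syntax (an assumption).
SAMPLE_WEAK = '''
network={
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice@example.com"
    password="constructed-secret"
    phase2="auth=MSCHAPV2"
}
'''

SAMPLE_HARDENED = '''
network={
    key_mgmt=WPA-EAP
    eap=PEAP
    anonymous_identity="anonymous@example.com"
    identity="alice@example.com"
    password="constructed-secret"
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    phase2="auth=MSCHAPV2"
}
'''

def parse_network(text):
    """Return the key/value pairs of the first network={...} block."""
    body = re.search(r"network=\{(.*?)\}", text, re.S).group(1)
    pairs = re.findall(r'^\s*(\w+)=(.*?)\s*$', body, re.M)
    return {k: v.strip('"') for k, v in pairs}

def audit_peap(text):
    """List findings for a PEAP profile; an empty list means no finding."""
    cfg = parse_network(text)
    if cfg.get("eap", "").upper() != "PEAP":
        return ["not a PEAP profile"]
    findings = []
    # Without a CA, the client cannot authenticate the server side of the TLS tunnel.
    if "ca_cert" not in cfg:
        findings.append("no ca_cert: server certificate is not validated")
    # The outer identity travels before the tunnel exists; it should not name the user.
    outer = cfg.get("anonymous_identity", cfg.get("identity", ""))
    if outer == cfg.get("identity"):
        findings.append("real user name sent outside the TLS tunnel")
    inner = re.search(r"auth=(\w+)", cfg.get("phase2", ""))
    if not inner or inner.group(1).upper() not in {"MSCHAPV2", "GTC"}:
        findings.append("inner method is not MS-CHAP-V2 or GTC")
    return findings
```

Running `audit_peap(SAMPLE_WEAK)` reports the missing server validation and the exposed user name, while `audit_peap(SAMPLE_HARDENED)` returns an empty list.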
Cisco Features
Cisco LEAP
Cisco LEAP (Cisco Light EAP) is a server and client 802.1x authentication type that uses
a user-supplied logon password. When a wireless access point communicates with a Cisco
LEAP-enabled RADIUS server (Cisco Secure Access Control Server [ACS]), Cisco LEAP provides
access control through mutual authentication between client wireless adapters and the
wireless network, and provides dynamic, individual user encryption keys to help protect
the privacy of transmitted data.
Cisco Rogue Access Point Security Feature
The Cisco Rogue Access Point feature protects against the introduction of a rogue access
point that could mimic a legitimate access point on a network in order to extract
information about user credentials and authentication protocols that could compromise
security. This feature only works with Cisco's LEAP authentication. Standard 802.11
technology does not protect a network from the introduction of a rogue access point.
Refer to LEAP Authentication for more information.
Fast Roaming (CCKM)
When a wireless LAN is configured for fast reconnection, a LEAP-enabled client device can
roam from one access point to another without involving the main server. Using Cisco