Specifications

Cisco Systems, Inc.
All contents are Copyright © 1992–2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Figure 2-1 Mixed 802.1x Protocol Deployment in a Wireless LAN Network
As shown in Figure 2-1, either the Cisco Access Control Server (ACS) or the Cisco Access Registrar can be used for a combined LEAP and EAP-TLS protocol deployment in an enterprise network. Table 2-1 compares the characteristics of the widely available EAP protocols.

As shown in Table 2-1, EAP MD5 supports neither mutual authentication nor dynamic derivation of the Wired Equivalent Privacy (WEP) key, both of which are essential for WLAN networks. Therefore, Cisco recommends that you do not deploy EAP MD5 in a WLAN environment.
Table 2-1 Comparison of Widely Available 802.1x/EAP Authentication Protocols

| Protocol | 802.1x/EAP Compliance | Mutual Authentication | Dynamic Wired Equivalent Privacy Support | Operating System Support |
|---|---|---|---|---|
| Cisco EAP (LEAP) | Yes | Yes | Yes | Windows platforms (Windows XP, 2000, 98, 95, ME and NT), Windows CE, Linux, Disk Operating System (DOS), and Mac OS |
| EAP-TLS | Yes | Yes | Yes | Windows XP [1] |
| EAP MD5 | Yes | No | No | Windows XP [1] |

1. Note: Microsoft has announced EAP support for legacy operating systems in 2002 (Windows 2000, Windows NT 4, Windows 98, Windows 98 Second Edition, and Windows ME). Also, there are third-party EAP supplicants that provide support for EAP-TLS on various operating systems (Meetinghouse Data Communications EAP supplicant, for example).
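Added example (not from the Cisco document): a minimal Python model of the EAP MD5-Challenge exchange as defined in RFC 3748, showing why the EAP MD5 row in Table 2-1 reads "No" for mutual authentication and dynamic WEP support. The function names and the sample secret are constructed for illustration.

```python
import hashlib, hmac, os, struct

EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_MD5 = 4  # MD5-Challenge, RFC 3748 section 5.4

def build(code, ident, value=b""):
    """EAP packet: Code, Identifier, Length, then Type 4 + Value-Size + Value."""
    data = bytes([EAP_TYPE_MD5, len(value)]) + value if value else b""
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data

def parse(pkt):
    """Return (code, identifier, value); value is empty for Success/Failure."""
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("EAP length field does not match packet size")
    if length == 4:
        return code, ident, b""
    if length < 6 or pkt[4] != EAP_TYPE_MD5 or 6 + pkt[5] > length:
        raise ValueError("not a well-formed MD5-Challenge packet")
    return code, ident, pkt[6:6 + pkt[5]]

def md5_response(ident, secret, challenge):
    # CHAP-style hash: MD5(Identifier || secret || Challenge)
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def server_challenge(ident):
    return build(EAP_REQUEST, ident, os.urandom(16))

def client_respond(request, secret):
    # The client answers whatever challenge arrives; no field in the
    # request lets it verify who sent it (no mutual authentication).
    _, ident, challenge = parse(request)
    return build(EAP_RESPONSE, ident, md5_response(ident, secret, challenge))

def server_verify(request, response, secret):
    _, ident, challenge = parse(request)
    code, rid, value = parse(response)
    ok = (code == EAP_RESPONSE and rid == ident and
          hmac.compare_digest(value, md5_response(ident, secret, challenge)))
    # The result is only Success or Failure: no key material is derived,
    # so nothing here can seed a per-session WEP key.
    return build(EAP_SUCCESS if ok else EAP_FAILURE, ident)

if __name__ == "__main__":
    secret = b"constructed-sample-secret"  # constructed test value
    req = server_challenge(ident=7)
    resp = client_respond(req, secret)
    print(parse(server_verify(req, resp, secret)))
```

The whole exchange ends in a four-byte Success or Failure packet, which is why a WLAN using EAP MD5 would have to fall back to static WEP keys.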
[Figure 2-1 diagram labels: Cisco Access Registrar (AAA Server); Cisco Secure Access Control Server (AAA Server); Cisco Aironet 340/350/1200 Series (two instances); EAP MD5 Client; EAP TLS Client; LEAP Clients; Network Server (User Database, DHCP/DNS Services); Cisco Certification Authority Server; Enterprise Network]