Preface this by saying I am NOT a security expert. This is more for my own information/learning.
Just curious, but what is stopping you from using LEAP? Again, not being a security expert, I'm not familiar with PEAP. I would think that if your WLAN is in the DMZ, and has to create a VPN connection to your internal network, anything more is really overkill (SSH, etc). I guess along those lines tho, even requiring a VPN connection could be considered overkill if PEAP truly gives your the security you desire. I see what you mean about the WLAN being in the DMZ and if someone got your static key being able to access the internet. Whether using PEAP or a startic key, wouldn't it be possible to configure the AP to only allow certain MAC addresses. (Yes, a bit more administrative work initially, but would help prevent strangers from accessing.) Just thinking out loud. Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61688&t=61685 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
