LANCOM Support Knowledgebase
Document No. 1009.0810.5419.RHOO - V1.70
LEPS-MAC: Setting up LEPS (LANCOM Enhanced Passphrase Security) in LANCOM access points
The following document describes how to configure LEPS (LANCOM Enhanced Passphrase Security) on a LANCOM access point.
What is LEPS-MAC?
LEPS-MAC uses an additional column in the ACL (access-control list) to assign an individual passphrase consisting of any 8 to 63 ASCII characters to each MAC address. Authentication at the access point is only possible with the correct combination of passphrase and MAC address.
This combination makes spoofing a MAC address futile, so LEPS-MAC shuts out a potential attack on the ACL. If WPA2 is used for encryption, the MAC address can indeed be intercepted, but this method never transmits the passphrase over wireless. This greatly increases the difficulty of attacking the WLAN, because both the MAC address and the matching passphrase must be known before encryption can be negotiated.
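The following added example (not LANCOM code and not part of the original document) models why a spoofed MAC address alone does not help: the access point looks up the passphrase by the claimed MAC and checks the handshake MIC using the standard WPA2-PSK key derivation. The SSID, MAC addresses, passphrases, nonces, frame bytes and the printable-ASCII check are constructed assumptions.

```python
import hashlib
import hmac

SSID = "EXAMPLE-WLAN"                      # constructed
AP_MAC = bytes.fromhex("020000000001")     # constructed authenticator address
# Constructed station rules: MAC address -> individual passphrase
RULES = {
    "02:00:00:00:00:0a": "individual-passphrase-A",
    "02:00:00:00:00:0b": "individual-passphrase-B",
}

def valid_passphrase(p):
    # Assumption: printable ASCII (0x20-0x7e), 8 to 63 characters
    return 8 <= len(p) <= 63 and all(0x20 <= ord(c) <= 0x7E for c in p)

def pmk(passphrase, ssid):
    # WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid.encode(), 4096, 32)

def kck(key, aa, spa, anonce, snonce):
    # 802.11i PRF over both addresses and both nonces; KCK = first 16 bytes of the PTK
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = b"".join(
        hmac.new(key, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(3))
    return ptk[:16]

def mic(passphrase, spa, anonce, snonce, frame):
    # MIC over the EAPOL frame: HMAC-SHA1 keyed with the KCK, truncated to 16 bytes
    k = kck(pmk(passphrase, SSID), AP_MAC, spa, anonce, snonce)
    return hmac.new(k, frame, hashlib.sha1).digest()[:16]

def ap_accepts(claimed_mac, client_passphrase):
    # Fixed nonces and frame body are constructed so the run is reproducible
    anonce, snonce, frame = b"\x01" * 32, b"\x02" * 32, b"constructed EAPOL message 2"
    spa = bytes.fromhex(claimed_mac.replace(":", ""))
    sent = mic(client_passphrase, spa, anonce, snonce, frame)   # supplicant side
    expected_pass = RULES.get(claimed_mac.lower())              # AP side: lookup by MAC
    if expected_pass is None or not valid_passphrase(expected_pass):
        return False
    return hmac.compare_digest(sent, mic(expected_pass, spa, anonce, snonce, frame))

if __name__ == "__main__":
    print(ap_accepts("02:00:00:00:00:0a", "individual-passphrase-A"))  # own MAC, own passphrase
    print(ap_accepts("02:00:00:00:00:0a", "individual-passphrase-B"))  # claimed MAC, another station's passphrase
    print(ap_accepts("02:00:00:00:00:ff", "individual-passphrase-A"))  # MAC without a station rule
```

The passphrase itself never appears in the exchange; only nonces and a MIC derived from it do, which is why an intercepted MAC address is not sufficient on its own.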
LEPS-MAC can be used both locally in the device and centrally managed by a RADIUS server. LEPS-MAC works with all WLAN client adapters available on the market without any modification. Full compatibility to third-party products is assured as LEPS-MAC only involves configuration in the access point.
Compared to LEPS-U, the administrative overhead is slightly higher because the MAC address has to be entered for each
LCOS as of version 7
LANtools as of version 7
must be activated on the access point as its encryption method.
Configuring the LANCOM access point:
Switch to the menu item Wireless LAN -> Stations -> Station rules.
As of LCOS version 10.20, this configuration dialog is located in the menu Wireless LAN -> Stations/LEPS -> LEPS-MAC -> Station Rules.
Enter the WLAN client's MAC address under MAC address.
Give the station a passphrase to be used by the WLAN client to associate with the access point.
Please observe that the passphrase can contain a maximum of 63 characters. No special characters may be used (accents, umlauts, etc.). The following characters can be used for the passphrase:
No changes have to be made to the WLAN client's configuration.
All you have to do to associate with the WLAN network is to enter the passphrase for authentication.
When operating LEPS, please ensure that the passphrase entered under Wireless LAN -> Stations is valid for all of the other active SSIDs.
The WLAN client is no longer able to use the global passphrase defined under WLAN -> 802.11i/WEP -> WPA or private WEP settings to associate with a WLAN network using this access point.
Catchwords: LEPS; leps; WPA; Security; 802.11i