LANCOM Support Knowledgebase Document No. 1009.0810.5419.RHOO - V1.70

LEPS-MAC: Setting up LEPS (LANCOM Enhanced Passphrase Security) in LANCOM access points



Description:

The following document describes how to configure LEPS (LANCOM Enhanced Passphrase Security) on a LANCOM access point.
    What is LEPS-MAC?

    LEPS-MAC uses an additional column in the ACL (access-control list) to assign an individual passphrase consisting of any 8 to 63 ASCII characters to each MAC address. Authentication at the access point is only possible with the correct combination of passphrase and MAC address.

    This combination makes spoofing the MAC address futile, so LEPS-MAC shuts out a potential attack on the ACL. If WPA2 is used for encryption, the MAC address can indeed be intercepted, but this method never transmits the passphrase over wireless. This greatly increases the difficulty of attacking the WLAN, because both the MAC address and the passphrase must be known before encryption can be negotiated.

    LEPS-MAC can be used both locally in the device and centrally managed by a RADIUS server. LEPS-MAC works with all WLAN client adapters available on the market without any modification. Full compatibility with third-party products is assured as LEPS-MAC only involves configuration in the access point.

    Compared to LEPS-U, the administrative overhead is slightly higher because the MAC address has to be entered for each device.

Requirements:

WPA must be activated on the access point as its encryption method.


Configuring the LANCOM access point:

Switch to the menu item Wireless LAN -> Stations -> Station rules.

As of LCOS version 10.20, this configuration dialog is located in the menu Wireless LAN -> Stations/LEPS -> LEPS-MAC -> Station Rules.
  • Enter the WLAN client's MAC address under MAC address
  • Give the station a Name
  • Enter the passphrase to be used by the WLAN client to associate with the access point.

Information:
Please observe that the passphrase can contain a maximum of 63 characters. No special characters may be used (accents, umlauts, etc.). The following characters can be used for the passphrase:

#ABCDEFGHIJKLMNOPQRSTUVWXYZ@{|}~!$%&'()*+-,/:;<=>?[\]^_.0123456789abcdefghijklmnopqrstuvwxyz
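
A pre-check for a planned list of station rules, as an added example (not LANCOM code and not part of the original document): it validates each entry against the 8 to 63 character limit and the character list above, and flags duplicate MAC addresses. The tuple layout, the sample entries and the check for reused passphrases are assumptions made for illustration.

```python
import re
import secrets

# Allowed passphrase characters, copied from the list in this document.
ALLOWED = set("#ABCDEFGHIJKLMNOPQRSTUVWXYZ@{|}~!$%&'()*+-,/:;<=>?[\\]^_."
              "0123456789abcdefghijklmnopqrstuvwxyz")
MAC_RE = re.compile(r"^[0-9a-f]{2}([:-]?[0-9a-f]{2}){5}$")

def normalize_mac(mac):
    """Return the MAC as 12 lowercase hex digits, or None if malformed."""
    mac = mac.strip().lower()
    return re.sub(r"[:-]", "", mac) if MAC_RE.match(mac) else None

def check_rules(rules):
    """Validate (mac, name, passphrase) tuples; return a list of findings."""
    findings, seen_macs, seen_pass = [], {}, {}
    for mac, name, passphrase in rules:
        norm = normalize_mac(mac)
        if norm is None:
            findings.append(f"{name}: malformed MAC address {mac!r}")
        elif norm in seen_macs:
            findings.append(f"{name}: MAC already assigned to {seen_macs[norm]}")
        else:
            seen_macs[norm] = name
        if not 8 <= len(passphrase) <= 63:
            findings.append(f"{name}: passphrase length {len(passphrase)} not in 8..63")
        bad = sorted(set(passphrase) - ALLOWED)
        if bad:
            findings.append(f"{name}: characters not allowed: {bad}")
        # Added policy check (assumption): each station gets its own passphrase.
        if passphrase in seen_pass:
            findings.append(f"{name}: passphrase shared with {seen_pass[passphrase]}")
        else:
            seen_pass[passphrase] = name
    return findings

def new_passphrase(length=32):
    """Generate a random passphrase from the allowed characters."""
    pool = sorted(ALLOWED)
    return "".join(secrets.choice(pool) for _ in range(length))

# Constructed sample entries (MAC addresses and names are made up).
SAMPLE = [
    ("00:a0:57:12:34:56", "printer", "Corr3ct-Horse.Battery"),
    ("00-A0-57-12-34-56", "printer2", "pässwort-mit-umlaut"),
    ("00a05765432", "scanner", "short"),
    ("00:a0:57:aa:bb:cc", "laptop", "Corr3ct-Horse.Battery"),
]
```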



No changes have to be made to the WLAN client's configuration. All you have to do to associate with the WLAN network is to enter the passphrase for authentication.

When operating LEPS, please ensure that the passphrase entered under Wireless LAN -> Stations is valid for all of the other active SSIDs.

The WLAN client is no longer able to use the global passphrase defined under WLAN -> 802.11i/WEP -> WPA or private WEP settings to associate with a WLAN network using this access point.

Catchwords: LEPS; leps; WPA; Security; 802.11i