802.1x *without* encryption. Is it possible ?

Hi,
I have a ACU Client, WLC (with local EAP) and an external RADIUS server.
My aim is to use 802.1x, but WITHOUT encryption.
In the Cisco ACU, when I select 802.1x, I have to select an EAP type.
    With EAP-FAST, selected,
      On the WLC, if I enable local EAP, and  select WEP with No key size, it does not work.
      I have to select a Key size, therebye enabling WEP
         I believe this is because EAP-FAST *MANDATES* usign WEP or a 4 way handshake..
A. If I select other EAP types, and setup my authentication server (Free RADIUS) to support the EAP type,
    can I have a setup that can NOT use encryption ?
          On the WLC, do I just select 802.1x and a WAP key with 0 size ?
B. Is this not possible with any form of Local EAP ??
Thanks

Hi George,
Thats actually one of the first things I had tried, but it does not seem to work.
I repeated the test again, but this time with a sniffer running.
            I see the open auth/association go through, but it never proceeds to 802.1x (However this was with a all mixed cell flag on)
            Without that flag set, I dont see any packets from the client, except probe requests !!
On the controller, I was also running a debug aaa enable all, and dont see any activity, in both the above cases.
The moment I set the WEP key length from NONE to 104 bits, it works
I'll try with other clients, but I believe the result will be the same.
Also, this is just to get a better understanding of the behaviour of 802.1x.. Not for production.

Similar Messages

  • NAC Framework - NAC-L2-802.1x without CSSC client?

    Hi
    I'm just wondering if it is possible to do NAC-L2-802.1x without the use of the CSSC client? I've managed to get this working with the CSSC client with no problems, but have been having nothing but problems trying to get this working without. This client software is pretty expensive and if it is possible to get around using it, that'd be great. Thanks for any info.
    Jason

    You can do 802.1x without CSSC, you cannot support remediation without it however. 802.1x by itself allows you authentication, and dynamic VLAN assignment.

  • Encryption is not possible in this installation! - in "Create Secure Store"

    Hi,
    We are in the middle of upgrade and While doing UNICODE conversion of SRM5 system, During IMPORT, one of the phase is "Create Secure Store". UNICODE import gives ERROR in "Create Secure Store" phase.
    Below given is ERROR Detail:
    [root@fsp67001] /unicode/import_uc/sapinst_instdir/SRM05/LM/COPY/ORA/SYSTEM/CENTRAL/AS>
    >cat SecureStoreCreate.log
    SAP Secure Store in the File System - Copyright (c) 2003 SAP AG
    Usage:
    SecStoreFS status <standard>
    SecStoreFS exists <standard>
    SecStoreFS create <standard> -noenc
    SecStoreFS create <standard> -enc -p "<key phrase>" [-nostore]
    SecStoreFS insert <standard> <key> <value>
    SecStoreFS encrypt <standard> -p "<key phrase>" [-nostore]
    SecStoreFS updatep <standard> -p "<key phrase>" [-nostore]
    where <standard> is [-s <SID>] [-f <data filename> -k <key filename>]
    Encryption is not possible in this installation!
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    Log Details:
    When you look at command which gets executed in background(Which is
    failing) is given below.
    /usr/java14_64/bin/java -
    classpath /unicode/import_uc/sapinst_instdir/SRM05/LM/COPY/ORA/SYSTEM/CENTRAL/AS/install/sharedlib/launcher.jar -Xmx256m -Xj9
    com.sap.engine.offline.OfflineToolStart
    com.sap.security.core.server.secstorefs.SecStoreFS /unicode/import_uc/sapinst_instdir/SRM05/LM/COPY/ORA/SYSTEM/CENTRAL/AS/install/lib/iaik_jce.jar:/unicode/import_uc/sapinst_instdir/SRM05/LM/COPY/ORA/SYSTEM/CENTRAL/AS/install/sharedlib/exception.jar:/unicode/import_uc/sapinst_instdir/SRM05/LM/COPY/ORA/SYSTEM/CENTRAL/AS/install/sharedlib/logging.jar:/unicode/import_uc/sapinst_instdir/SRM05/LM/COPY/ORA/SYSTEM/CENTRAL/AS/install/sharedlib/tc_sec_secstorefs.jar create -s RSP -
    f /sapmnt/RSP/global/security/data/SecStore.properties -
    k /sapmnt/RSP/global/security/data/SecStore.key -enc -p XXXXXX
    Request  If anybody in the forum has faced similar problem, pls respond back.
    Vijay

    Hi
    <b>Please go through the SAP OSS Notes, which will help -></b>
    Note 501710 - Error when accessing the "secure storage"
    Note 750779 - Safety and Security of User Mapping Data
    Note 1071472 - FileSystem SecureStore connection issues
    Note 914791 - SQL Command console does not work with automatic config
    Related Notes
    Note 520039 - Analysis report for "secure storage"
    Note 516835 - Error SECSTORE023 with secure storage
    Note 502422 - Long texts for error messages SECSTORE021 to SECSTORE031
    Note 501486 - Work process termination when using the "secure storage"
    Do let me know.
    Regards
    - Atul

  • Acrobat  9 standard no copy without encryption

    I just upgraded from 6 to 9. I want to prohibit copying in security but the dialog box wants to encrypt and I don't want to encrypt. I just want to disallow copying.

    The confusion, I think, may be assoicated with a very unhappy change made in Adobe Acrobat.  At one time, you could protect files from being changed without using encryption.  (This was very valuable for permitting web located files to be accessed by Search Engines.)  Now however, you can only protect files from change if you use encryption.  This is actually in contradiction to the dialogue box one gets when saving files under security.  Making the files available to Adobe Reader 7 and later, you should be able to save them without encryption. But that doesn't happen.  If you want to protect the files from change, you end up having to encrypt them.
    If someone knows how to make files available for anyone to read; and at the same time protect those files from being changed  --  without using encryption -- please post.  That information would be highly valued.

  • Web Intelligence Rich Client without java - is it possible?

    Hello!
    Web Intelligence Rich Client without java - is it possible?
    How about other client as Web Intelligence Rich Client, but without java?
    Is it possible?
    Regards,
    Denis

    It's very interesting, becouse i have installed pathes: ENTERPRISECLNT03P_4-10007619.EXE, CRYSTALREPORTS03P_4-10007442.EXE, BOBJINTGRSAP03P_4-10007514.EXE and problem was solved. Moreover I have uninstalled JRE. New problem not have come.
    Regards,
    Denis

  • How to set air port extremem 802.11n without cd?

    How to set air port extremem 802.11n without cd?

    What computer do you have?  What operating system is it using?

  • BackUp iphone without encryption

    Hello,
    I have an iPhone 4S and I backed it up with a password (encrypted) in iTunes. Then, I restored my iPhone and since I didnt know the password of the Back Up, I used the icloud back up to restore it. Now I want to use iTunes do back it up but in the settings, the back up is still encrypted. I tryed deleting the backup and doing it again but it is still encrypted and i can't remove the encryption because I don't remember the password.
    I would like to know if there is a way to cancel the auto back up and to start doing it again without encryption!
    Thanks for the help

    Here are some suggestions if you don't remember the password:
    http://support.apple.com/kb/TS5162
    If nothing works you will have to restore your device as new:
    http://support.apple.com/kb/HT4946
    Message was edited by: picas

  • Encrypted mailserver setup possible?

    Hi,
    Since some time I keep telling myself I should start to host my email myself instead of trusting a (commercial) company like gmail. So I've been thinking a lot about the required setup, but I can't figure out a good way that suits my needs/requirements.
    I'm renting a small virtual server, with only 256MB ram, but that should suffice. I'm not sending/receiving thousands of emails a day. I'm sharing this server with a friend, we both have root acces. This complicates the setup somewhat .
    Requirements:
    - Store email encrypted on the server, a database would be nice but is certainly not a requirement.
    - Only acces the encrypted mailstorage when I acces the system. The system should not contain my private key/password, so upon login it should put all the received emails into the encrypted storage.
    - Web acces (squirrel/roundcube)
    - Be able to search through the email
    Known limits:
    I'm well aware that with sharing root acces on the server I won't be able to get a system that guarantees me 100% privacy. But there are practical limits and there is some trust. For real privacy I should not trust upon the server, but use pgp. Although pgp is very good, many people i often communicate with don't know it. So please don't point this out, I know about this. The discussion is not about sharing root making it impossible to get this 100% secure, but about storing the mails encrypted and getting the best system possible for this.
    The mails will be received unencrypted and should pass an anti-spam system unencrypted. Also will the mail be stored in a queue until I perform a login.
    There are 3 reasons for wanting to store the mails encrypted: It will stop my co-root from simply using cat in the maildir/database, it will keep my mails save if there would be an 'intruder' on the server and it keeps the mail private if the hosting company would look into my files (or has to give access to a government/police).
    I hope this is possible and some archers can help me to point to the required software . Some personal experiences with a similar setup would be great!

    Some more digging seems to point out there is not yet any email server supporting what we want. I've found this blog: https://grepular.com/Automatically_Encr … ming_Email. It's going for the gpg option, like Stebalien was suggesting. It seems to be the best way too do it, without to much hassle.
    I hope I can find some time somewhere in the upcoming days to fiddle with it. I'll let you know if i'm getting any concrete results .
    Last edited by evert_ (2011-12-19 18:41:33)

  • Telepresence Conductor + Server without encryption?

    I'm starting to have a bit of a play in our test environent with the free Conductor OVA and Telepresence Server.
    Reading through the Conductor 2.2 deployment guide, it mentions encryption keys + SIP TLS as "required" quite alot.  As our test environment doesn't have the encryption key on the Telepresence Server, is it possible to run Conductor + TP server in non-secure mode if we don't have the key, or is it an absolute requirement to have it?

    Its a 0 dollar item, so unless you are in a non-encrypted country that should be an easy fix.
    I never tried it without, one point can be that its using the api via https, that would
    fail on your box. Not sure about the sip encryption, but sure that could also be a show
    stopper, especially for the b2bua mode.
    Sure you can try it and sure report your success, but please dont ask if it does not work
    the best way: get a key if possible
    Please remember to rate helpful responses and identify helpful or correct answers.

  • Local backup was made without "Encrypt Local Backup" checked before upgrading to iOS 7 but I can't restore because a password is requested to restore it. What do I do?

    I hadn't yet upgraded to iOS7 from iOS6 on my iPad so I clicked "Manual Backup" [To this computer] and "Encrypt Local Backup" was not checked.
    The backup seemed to complete without error or incident.
    I then went through the iOS 7 upgrade and when it was completed the options are "Set up as new device" or "Restore from Backup"
    Since I didn't want to wipe all the data on my iPad, I chose restore, and it said connect to iTunes, which I did.
    When I click on Restore Backup, it asks for me to choose which backup I want. I choose the last one that I had just done as indicated above (which is the default).
    It then gives me a dialog of "Enter the password to unlock your iPad backup. I even tried every password I've used in the last two years. Nothing works. What I don't understand is why it's asking for a password at all?
    Is there a way around this? I don't want to loose the data I just backup up.

    Sorry there is no way around this.
    If you don't know the password you will need to restore as new.
    Then you can sync apps/music back via itunes.

  • Without EEWB Is it Possible to add field to standard tab

    Hi Experts!
    Without EEWB and enhancing Screen Is it Possible to adding field to standard tab. Any body can help out in this.
    URGENT
    Thanks
    vikram.c

    Yes it is possible, but we are talking a modification of SAP standard here. Also the effort needed will be at least 10 times higher than using EEWB as you have to reprogram all generated code / screen helps that SAP provides. Moreover these fields are then still not exchanged with the interfaces / BDocs etc which will be also some more days of work. There is no usable documentation on this - at least not by SAP and I am not aware of another one. It is much easier to create an EEWB enhancement and then move the fields from one tab to another.
    Doing this all by hand is like adding a second processor to an existing motherboard for more performance compared to exchanging the existing one with one of higher specifications.This is possible, but requires a) more work/time/material b) more experience c) you lose warranty d) in the end you do not know for sure what the outcome will be
    Regards, Kai

  • Idoc to soap sync without bpm. is it possible? Helping me..

    Hi Experts,
    i have a small clarification Idoc to soap sync interface in sap pi 7.0. i created IDoc to Soap sync using BPM but some times the signals are stuck due to load issue in swpr, while reprocess those signals all going successfully to the receiver. So We are trying to eliminate BPM.
    I just wanted to know Idoc to Soap sync scenario without BPM is possible or not in SAP PI 7.0?
    if it is possible kindly send me the links
    Regards,
    Kiran polani

    Hi Kiran,
    Could you please let us know the exact requirement. How do you want to send the response back to IDOC?
    ASync - Sync Bridge with IDOC sender is not possible in PI 7.0.
    If It is something like IDOC --> SOAP --> IDOC , And If the SOAP request is small then you can use SOAP Lookup in IDOC to IDOC Scenario.
    In The mapping You can do a lookup and get the response from SOAP(Webservice) and map that to your Target IDOC.
    This is one possible way for you without BPM in PI7.0.
    Please let me know if you need more details about this.
    Thanks
    Jyothi A

  • 802.1x Without Certificates

    I have the following setup:
    5508 WLC
    ISE 1.2
    The wireless network is copletely seperate from the corporate network & is purely used for Internet Access.
    The users connect in 2 different ways:
    Guest Access by means of a Guest Portal (Guest SSID)
    802.1x Pointing to Internal Users on the ISE box. (Corporate SSID)
    All Mobile devices connect fine to the corporate SSID, the problem is with Laptop users.
    At this stage, In order for the users to connect to the Corporate SSID, i need to manually set up the Wireless connection and remove the
    "Verify The Server's Identity by validating the certificate" tick box under PEAP settings.
    Is there any way to bypass/rectify this, (This is only used for Internet, hence the Customer will not install a CA server)
    I need the users to connect to the Corporate SSID without manually setting up the Wireless Connction.

    Jacovr,
    The point of using 802.1X is to provide a means of security for the corporate users when connect to WiFi. First we need to cover the purpose of cert validation. Radius server sends the device cert to the client. The client then uses this cert to hash their logon and AD and pass it to the radius server wherethe radius server uses the private key.  To protect against a man in the middle attack the client can validate the certificate. If you choose not to, and many people do btw, you can unselect this. But know anyone running your SSID with FREERADIUS and the Hack can put your ID/Passwords at risk.
    This is a client configuration. Nothing you can do on the infrustructure side of this to bypass it. Here are a few ideas.
    1)I assume these corporate users have machines that are part of AD. If so you can push the WLAN profile with the specific WLAN settings automagically.
    2) If you dont have AD you can use a tool like Anyconnect and provide a profile via email a user can launch and will configure the WLAN profile.
    3) With ISE you can build a policy and push down a WLAN profilem but here again they need to connect the first time. I have seen users do a onboarding network for WLAN Profiles.
    "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
    ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
    "Im like bacon, I make your wireless better"

  • Initialize delta without data transfer not possible

    Hullo,
    I want to switch the upload procedure for an ODS from full to delta. For I have researched SAP Note 689964 and executed the program RSSM_SET_REPAIR_FULL_FLAG for the ODS-object and datasource. It successfully modified the request and set the 'REPAIR_FULL' flag.
    Now I want to change the InfoPackage from Full update to Delta. According to the note I have to perform an init simulation, my problem is that the option initialize delta without data transfer is in display mode only (i.e. it's gray and I cannot select it).
    The InfoSource in question is "0HR_PY_1". I've checked several others and with some it is possible to select the initialization simulations and with others it's not.
    My questions are a) Why is it this option grayed out? and b) What can I do to enable the selection of this option?
    Any help is appreciated.

    Hullo AK,
    thanks for pointing out that note, sadly it's for "0HR_PY_PP_1" and not "0HR_PY_1".
    However it lead us to note '611199'...
    <b>Symptom</b>
    Some attributes of the following DataSources are not defined.
    0HR_PY_1 DataSource:
    - Commit after initialization phase
    - DeltaInit Simulation
    0HR_PY_PP_1 DataSource:
    - Commit after initialization phase
    0HR_PY_PP_2 DataSource:
    - Commit after initialization phase
    <b>Other terms</b>
    PXDW, extractor, posting transfer, settlement, PCPO, PCP0
    <b>Reason and Prerequisites</b>
    The SAP settings for the DataSources are incomplete.
    The following attributes should be set:
    0HR_PY_1 DataSource:
    - Commit after initialization phase: no commit
    <u>- DeltaInit Simulation: Mode is not supported</u>
    0HR_PY_PP_1 DataSource:
    - Commit after initialization phase: no commit
    0HR_PY_PP_2 DataSource:
    - Commit after initialization phase: no commit
    <b>Solution</b>
    Import the corresponding Support Package into the Plug-In Releases 2003.1 and 2002.2 and copy/activate the DataSources in the plug-in system again.
    If the correction is imported, you can <i>no longer select the "DeltaInit simulation"</i> option for the delta initialization of the <b>0HR_PY_1</b> DataSource/InfoSource.
    As long as you have not imported the correction or you are using an even older plug-in release, you should never select the "DeltaInit simulation" option during the delta initialization for the 0HR_PY_1 DataSource/InfoSource. <b>The 0HR_PY_1 DataSource does not support this mode.</b>
    The 0HR_PY_1 DataSource only supports the delta initialization (without the DeltaInit simulation) and subsequent delta calls.
    Sadly enough, not what I wanted to read, but well at least I now know that I shouldn't look into this solution anymore.
    Again, thanks for your help.

  • Creation of Business role without allow user the possibility of personaliz.

    Hi
    I'm new in SAP. and I'm in need. Is it possible create Business Role (in CRM) without the possibility (for the user) to personalize the assignment block and the general setting?
    Thanks for your future help!
    Stefano

    Hi,
    this is possible by assigning the Function Profile 'PERSONALIZATION' with value 'ALL_DISABLED' to your business Role in the Business Role Customizing.
    Kind regards,
    Carl

Maybe you are looking for

  • Lack of replies in this section

    I'm some of you thread authors are noticing that you are getting no or very few replies from other people in the forum. I'm bringing to your attention that you are not giving enough information when you post a problem. I refer you to Rules of the For

  • Error in using .equals in JSP

    i'm using .equals to compare string value but every time i refresh the page it returns an error. <%@include file = "connection/dbconnect.js"%> <select name="List_Type" style="width:150px;height:23px" class="styleFieldEntry"> <%if(request.getParameter

  • How to know whether employees' photo were uploaded?

    Hi SAP Gurus, We have uploaded some employees photo thru BDC. We need to know the gaps. Is there any standard report in SAP thru which we can get the data of which employees photos got uploaded and who are left out. Thanks in advance. Best regards, S

  • Where I can download SAP Netweaver 7.1 ????

    Hi guys, Currently I'm running SAP Netweaver 7.0 ABAP Trial version, configured to run BI. I installed SAP NW 70 Presentation  710 Composite Core, so now I have the following applications: Analyzer, Query Designer, Report Designer, WAD. Well, everyth

  • How to replace  BLANK or NULL values in rule file

    Hi, I have a source file which contains Blank or Null values which i need to replace them with a number "042" .How we can do this in the rule file using "Replace "(Field->Properties).I tried keeping spaces but its failing. I am actually new to essbas