7: Networking
EMG™ Edge Management Gateway User Guide 106
IEEE 802.1X Parameters, continued
PEAP: Protected EAP uses server-side public key certificates to
authenticate the EMG with a RADIUS server. PEAP authentication
creates an encrypted TLS tunnel between the EMG and the server.
Information is exchanged inside the encrypted tunnel, which keeps
the user credentials secure.
FAST: Flexible Authentication via Secure Tunneling uses a Protected
Access Credential (PAC) to verify clients on the network. Instead of
using a certificate to achieve mutual authentication, FAST
authenticates by means of a PAC stored on the EMG, which can be
managed dynamically by the authentication server. The PAC can be
provisioned (distributed one time) to the client either manually or
automatically. Manual provisioning is delivery to the client via disk
or a secured network distribution method. Automatic provisioning
(used on the EMG) is an in-band distribution.
LEAP Configuration: Enter a User Name and Password that can be
authenticated by the RADIUS server. The User Name and Password
can be up to 63 characters long, and all printable characters are
supported.
EAP-TLS Configuration: Enter a User Name that can be
authenticated by the RADIUS server. The User Name can be up to 63
characters long, and all printable characters are supported. Provide a
client side certificate with a Certificate file, Private Key file and
Authority Certificate file. The server side certificate can be validated
by setting Validate Certificate to Enabled (requires an Authority
Certificate); validating the server certificate is highly recommended.
Certificate filenames must be unique across all profiles; otherwise,
certificates for one profile may be overwritten by certificates for another
profile. If certificates are used, it is recommended that configurations
be saved with SSL Certificates and restored with the saved
certificates. The Certificate Authority and Certificate are in PEM format
(the Certificate Authority may have one or more trusted CA
certificates), e.g.:
-----BEGIN CERTIFICATE-----
(certificate in base64 encoding)
-----END CERTIFICATE-----
The Key File is in PEM format, e.g.:
-----BEGIN RSA PRIVATE KEY-----
(private key in base64 encoding)
-----END RSA PRIVATE KEY-----
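A pre-upload check for the EAP-TLS files described above, added here as an example; it is not part of the guide or the EMG software. The function names, the sample filenames and the reading of "printable" as printable ASCII are assumptions, and the sample PEM data is constructed. The check is structural only: it does not verify signatures or that the key matches the certificate.

```python
import base64
import re
from collections import Counter

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.S)
# role -> (PEM label shown in the guide, may the file hold several blocks?)
EXPECTED = {"cert": ("CERTIFICATE", False),
            "key": ("RSA PRIVATE KEY", False),
            "ca": ("CERTIFICATE", True)}  # CA file may hold several trusted CAs

def pem_blocks(text):
    """Return [(label, der_bytes)] per PEM block; raises ValueError on bad base64."""
    return [(label, base64.b64decode("".join(body.split()), validate=True))
            for label, body in PEM_BLOCK.findall(text)]

def check_profile(user, files):
    """files maps role -> (filename, file text). Returns a list of problems."""
    problems = []
    # Assumption: "printable" means printable ASCII.
    if not (1 <= len(user) <= 63 and user.isascii() and user.isprintable()):
        problems.append("user name must be 1-63 printable characters")
    for role, (label, many) in EXPECTED.items():
        fname, text = files[role]
        try:
            blocks = pem_blocks(text)
        except ValueError:
            problems.append(f"{fname}: PEM body is not valid base64")
            continue
        if not blocks or (len(blocks) > 1 and not many):
            want = "one or more" if many else "exactly one"
            problems.append(f"{fname}: want {want} PEM block, found {len(blocks)}")
        for got, der in blocks:
            if got != label:
                problems.append(f"{fname}: label is '{got}', guide shows '{label}'")
            if der[:1] != b"\x30":  # DER structures open with a SEQUENCE tag
                problems.append(f"{fname}: decoded data is not DER")
    return problems

def shared_filenames(profiles):
    """profiles maps profile name -> files dict. Names used by >1 profile."""
    counts = Counter(fname for files in profiles.values()
                     for fname in {f for f, _ in files.values()})
    return sorted(f for f, n in counts.items() if n > 1)

def sample_pem(label):
    """Constructed stand-in: DER SEQUENCE header plus filler, not a real cert or key."""
    der = b"\x30\x2e" + bytes(range(46))
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"
```

Run `check_profile` on each profile's files and `shared_filenames` across all profiles before uploading; any filename it returns would be overwritten by another profile's certificate.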
EAP-TTLS Configuration: Enter a User Name and Password that
can be authenticated by the RADIUS server. The User Name and
Password can be up to 63 characters long, and all printable characters
are supported. Select the EAP TTLS Inner Authentication used in the
TLS tunnel, which can be EAP-MSCHAPv2, MSCHAPv2, MSCHAP,
CHAP, PAP or EAP-MD5.