+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
authentication as strong as that provided by EAP-TLS, but without requiring users to have their
own digital certificate. The only request is that the Radius server should have a digital
certificate. The authentication of users’ identity is implemented with passwords transmitted in a
safely encrypted tunnel established via the certificate of the authentication server. Any kind of
authentication request including EAP, PAP and MS-CHAPV2 can be transmitted within TTLS
tunnels.
4. PEAP Authentication Method
EAP-PEAP is brought up by Cisco, Microsoft and RAS Security as a recommended open
standard. It has long been utilized in products and provides very good security. Its design of
protocol and security is similar to that of EAP-TTLS, using a server’s PKI certificate to
establish a safe TLS tunnel in order to protect user authentication.
The following figure illustrates the basic operation flow of PEAP authentication method.
The Authentication Flow of 802.1x PEAP
38.1.4.1 EAP Termination Mode
In this mode, EAP messages will be terminated in the access control unit and mapped into
RADIUS messages, which is used to implement the authentication, authorization and fee-
counting. The basic operation flow is illustrated in the next figure.
To Next Page
Loading...
Need help?
General
