Appendix D Wireless LANs
VMG1312-B Series User’s Guide
344
EAP-TTLS (Tunneled Transport Layer Service)
EAP-TTLS is an ext ension of the EAP-TLS authent icat ion t hat uses certificat es for only the server-
side authent ications to est ablish a secure connect ion. Client aut hent ication is t hen done by sending
usernam e and password t hrough the secure connection, t hus client ident it y is protect ed. For client
aut hent icat ion, EAP-TTLS support s EAP m et hods and legacy aut hent icat ion m ethods such as PAP,
CHAP, MS-CHAP and MS-CHAP v2.
PEAP (Protected EAP)
Like EAP-TTLS, server- side cert ificat e aut henticat ion is used t o establish a secure connect ion, t hen
use sim ple usernam e and password m ethods t hrough the secured connect ion t o aut hent icat e t he
clients, t hus hiding client ident it y. However, PEAP only supports EAP m et hods, such as EAP- MD5,
EAP- MSCHAPv2 and EAP- GTC (EAP- Generic Token Card) , for client aut hent icat ion. EAP- GTC is
im plem ent ed only by Cisco.
LEAP
LEAP (Light weight Extensible Authent ication Prot ocol) is a Cisco im plem ent at ion of I EEE 802.1x.
Dynamic WEP Key Exchange
The AP m aps a unique key t hat is generated wit h t he RADI US server. This key expires when the
wireless connect ion t im es out, disconnect s or reaut hentication t im es out . A new WEP key is
generat ed each t im e reauthent icat ion is perform ed.
I f t his feat ure is enabled, it is not necessary to configure a default encryption key in the wireless
securit y configuration screen. You m ay still configure and st ore keys, but they will not be used while
dynam ic WEP is enabled.
Note: EAP- MD5 cannot be used wit h Dynam ic WEP Key Exchange
For added securit y, cert ificat e- based authent ications (EAP-TLS, EAP-TTLS and PEAP) use dynam ic
keys for data encryption. They are oft en deployed in corporate environm ent s, but for public
deploym ent , a sim ple user nam e and password pair is m ore practical. The following t able is a
com parison of the features of authent ication t ypes.
Table 124 Com parison of EAP Authentication Types
EAP-MD5 EAP-TLS EAP-TTLS PEAP LEAP
Mut ual Authent icat ion No Yes Yes Yes Yes
Cer t ificat e – Client No Yes Opt ional Optional No
Cert ificate – Server No Yes Yes Yes No
Dynam ic Key Exchange No Yes Yes Yes Yes
Credential I ntegrity None St rong Strong St rong Moderate
Deploym ent Difficult y Easy Hard Moderate Moderate Moderate
Client I dent it y Pr ot ection No No Ye s Ye s No
To Next Page
Loading...
