ZyXEL Communications M-102 Betriebsanweisung PDF herunterladen (Seite 57)

ZyXEL M-102 User’s Guide

Appendix A

Types of EAP Authentication

This appendix discusses the five popular EAP authentication types: EAP-TLS, EAP-TTLS, PEAP and

LEAP. The type of authentication you use depends on the RADIUS server. Consult your network

administrator for more information.

EAP-TLS (Transport Layer Security)

With EAP-TLS, digital certifications are needed by both the server and the wireless stations for mutual

authentication. The server presents a certificate to the client. After validating the identity of the server, the

client sends a different certificate to the server. The exchange of certificates is done in the open before a

secured tunnel is created. This makes user identity vulnerable to passive attacks. A digital certificate is an

electronic ID card that authenticates the sender’s identity. However, to implement EAP-TLS, you need a

Certificate Authority (CA) to handle certificates, which imposes a management overhead.

EAP-TTLS (Tunneled Transport Layer Service)

EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-side

authentications to establish a secure connection. Client authentication is then done by sending username

and password through the secure connection, thus client identity is protected. For client authentication,

EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and

MS-CHAP v2.

PEAP (Protected EAP)

Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use

simple username and password methods through the secured connection to authenticate the clients, thus

hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2

and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by

Cisco.

LEAP

LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE802.1x.

For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys

for data encryption. They are often deployed in corporate environments, but for public deployment, a

simple user name and password pair is more practical. The following table is a comparison of the features

of five authentication types.

Appendix A i

1 2 ... 52 53 54 55 56 57 58

Keine Kommentare

ZyXEL Communications M-102 Betriebsanweisung Seite 57