1. Manuals
  2. Brands
  3. ZyXEL Communications Manuals
  4. Adapter
  5. ZyXEL ZyAIR B-220
  6. User manual

Types Of Eap Authentication - ZyXEL Communications ZyAIR B-220 User Manual

Hide thumbs Also See for ZyAIR B-220:
Table of Contents

Advertisement

This appendix discusses the five popular EAP authentication types: EAP-MD5, EAP-TLS,
EAP-TTLS, PEAP and LEAP. The type of authentication you use depends on the RADIUS
server. Consult your network administrator for more information.
EAP-MD5 (Message-Digest Algorithm 5)
MD5 authentication is the simplest one-way authentication method. The authentication server
sends a challenge to the wireless station. The wireless station 'proves' that it knows the
password by encrypting the password with the challenge and sends back the information.
Password is not sent in plain text. However, MD5 authentication has some weaknesses. Since
the authentication server needs to get the plaintext passwords, the passwords must be stored.
Thus someone other than the authentication server may access the password file. In addition, it
is possible to impersonate an authentication server as MD5 authentication method does not
perform mutual authentication. Finally, MD5 authentication method does not support data
encryption with dynamic session key. You must configure WEP encryption keys for data
encryption.
EAP-TLS (Transport Layer Security)
With EAP-TLS, digital certifications are needed by both the server and the wireless stations
for mutual authentication. The server presents a certificate to the client. After validating the
identity of the server, the client sends a different certificate to the server. The exchange of
certificates is done in the open before a secured tunnel is created. This makes user identity
vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the
sender's identity. However, to implement EAP-TLS, you need a Certificate Authority (CA) to
handle certificates, which imposes a management overhead.
EAP-TTLS (Tunneled Transport Layer Service)
EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the
server-side authentications to establish a secure connection. Client authentication is then done
by sending username and password through the secure connection, thus client identity is
protected. For client authentication, EAP-TTLS supports EAP methods and legacy
authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2.
Appendix E Types of EAP Authentication

Types of EAP Authentication

ZyAIR B-220 User's Guide
Appendix E
86

Advertisement

Table of Contents
loading

Related Manuals for ZyXEL Communications ZyAIR B-220

Related Content for ZyXEL Communications ZyAIR B-220

Table of Contents