Table of Contents
Advertisement
Default
Authentication Type
Server Certificate
Specify a PEAP and/or TTLS Authentication Type for EAP to use
from the drop-down menu to the right of each checkbox item. PEAP
options include:
•
GTC - EAP Generic Token Card (GTC) is a challenge
handshake authentication protocol using a hardware token
card to provide the response string.
•
MSCHAP-V2 - Microsoft CHAP (MSCHAP-V2) is an encrypted
authentication method based on Microsoft's challenge/
response authentication protocol.
TTLS options include:
•
PAP - Password Authentication Protocol sends a
username and password over a network to a server that
compares the username and password to a table of
authorized users. If the username and password are
matched in the table, server access is authorized.
WatchGuard products do not support the PAP protocol
because the username and password are sent as clear
text that a hacker can read.
•
MSCHAP-V2 - Microsoft CHAP (MSCHAP-V2) is an
encrypted authentication method based on Microsoft's
challenge/response authentication protocol.
•
MD5 - This option enables the MD5 algorithm for data
verification. MD5 takes as input a message of arbitrary
length and produces a 128- bit fingerprint. The MD5
algorithm is intended for digital signature applications,
in which a large file must be compressed in a secure
manner before being encrypted with a private (secret)
key under a public-key cryptographic system.
If you have a server certificate from a CA and wish to use it on the
Radius server, select it from the drop-down menu. Only certificates
imported to the access point are available in the menu. For
information on creating a certificate, see
on page
4-20.
Configuring Access Point Security
Creating Self Certificates
6-55
Advertisement
Table of Contents
