Eap Authentication Overview - ZyXEL Communications Internet Security Gateway ZyWALL 2 Series User Manual

ZyWALL 2 Series User's Guide
•
Access-Request
Sent by the ZyWALL requesting authentication.
•
Access-Reject
Sent by a RADIUS server rejecting access.
•
Access-Accept
Sent by a RADIUS server allowing access.
•
Access-Challenge
Sent by a RADIUS server requesting more information in order to allow access. The access point
sends a proper response from the user and then sends another Access-Request message.
The following types of RADIUS messages are exchanged between the access point and the RADIUS server
for user accounting:
•
Accounting-Request
Sent by the ZyWALL requesting accounting.
•
Accounting-Response
Sent by the RADIUS server to indicate that it has started or stopped accounting.
In order to ensure network security, the ZyWALL and the RADIUS server use a shared secret key, which is a
password, they both know. The key is not sent over the network. In addition to the shared key, password
information exchanged is also encrypted to protect the network from unauthorized access.

7.6.2 EAP Authentication Overview

EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE802.1x
transport mechanism in order to support multiple types of user authentication. By using EAP to interact with
an EAP-compatible RADIUS server, the access point helps a wireless station and a RADIUS server perform
authentication.
The type of authentication you use depends on the RADIUS server or the AP. The ZyWALL supports EAP-
TLS and EAP-TTLS with RADIUS. Refer to the Types of EAP Authentication appendix for
descriptions.
Your ZyWALL supports EAP-MD5 (Message-Digest Algorithm 5) with the local user database.
The following figure shows an overview of authentication when you specify a RADIUS server on your
access point.
7-8 Wireless LAN Screens