Appendix G Types Of Eap Authentication - ZyXEL Communications VANTAGE RADIUS 50 User Manual

Hide thumbs Also See for VANTAGE RADIUS 50:

Brochure (1 page)

Quick start manual (20 pages)

User manual (214 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

Table of Contents

Vantage RADIUS User's Guide

Appendix G

Types of EAP Authentication

This appendix discusses the five popular EAP authentication types: EAP-MD5, EAP-TLS, EAP-

TTLS, PEAP and LEAP. The type of authentication you use depends on the RADIUS server.

Consult your network administrator for more information.

EAP-MD5 (Message-Digest Algorithm 5)

MD5 authentication is the simplest one-way authentication method. The authentication server

sends a challenge to the wireless station. The wireless station 'proves' that it knows the password

by encrypting the password with the challenge and sends back the information. Password is not

sent in plain text.

However, MD5 authentication has some weaknesses. Since the authentication server needs to get

the plaintext passwords, the passwords must be stored. Thus someone other than the

authentication server may access the password file. In addition, it is possible to impersonate an

authentication server as MD5 authentication method does not perform mutual authentication.

Finally, MD5 authentication method does not support data encryption with dynamic session key.

You must configure WEP encryption keys for data encryption.

EAP-TLS (Transport Layer Security)

With EAP-TLS, digital certifications are needed by both the server and the wireless stations for

mutual authentication. The server presents a certificate to the client. After validating the identity

of the server, the client sends a different certificate to the server. The exchange of certificates is

done in the open before a secured tunnel is created. This makes user identity vulnerable to passive

attacks. A digital certificate is an electronic ID card that authenticates the sender's identity.

However, to implement EAP-TLS, you need a Certificate Authority (CA) to handle certificates,

which imposes a management overhead.

EAP-TTLS (Tunneled Transport Layer Service)

EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the

server-side authentications to establish a secure connection. Client authentication is then done by

sending username and password through the secure connection, thus client identity is protected.

For client authentication, EAP-TTLS supports EAP methods and legacy authentication methods

such as PAP, CHAP, MS-CHAP and MS-CHAP v2.

Types of EAP Authentication

G-1

Table of Contents

Appendix G Types Of Eap Authentication - ZyXEL Communications VANTAGE RADIUS 50 User Manual

Troubleshooting

Related Manuals for ZyXEL Communications VANTAGE RADIUS 50

Related Content for ZyXEL Communications VANTAGE RADIUS 50

Table of Contents