Peap (Protected Eap); Leap; Table 142 Comparison Of Eap Authentication Types - ZyXEL Communications Prestige 660H Series User Manual

Prestige 660H/HW Series User's Guide

PEAP (Protected EAP)

Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection,
then use simple username and password methods through the secured connection to
authenticate the clients, thus hiding client identity. However, PEAP only supports EAP
methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card),
for client authentication. EAP-GTC is implemented only by Cisco.

LEAP

LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of
IEEE802.1x.
For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use
dynamic keys for data encryption. They are often deployed in corporate environments, but for
public deployment, a simple user name and password pair is more practical. The following
table is a comparison of the features of five authentication types.

Table 142 Comparison of EAP Authentication Types

Mutual Authentication
Certificate – Client
Certificate – Server
Dynamic Key Exchange
Credential Integrity
Deployment Difficulty
Client Identity Protection
397
EAP-MD5 EAP-TLS
No Yes
No Yes
No Yes
No Yes
None Strong
Easy Hard
No No
EAP-TTLS PEAP
Yes Yes
Optional Optional
Yes Yes
Yes Yes
Strong Strong
Moderate Moderate
Yes Yes
Splitters and Microfilters
LEAP
Yes
No
No
Yes
Moderate
Moderate
No