Extensible Authentication Protocol - Flexible Authentication Via Secure Tunneling (Eap-Fast) - Cisco 8800 Series Deployment Manual

WLAN Authentication
WPA2 (802.1x authentication + AES or TKIP encryption)
•
WPA (802.1x authentication + TKIP or AES encryption)
•
WPA2-PSK (Pre-Shared key + AES encryption)
•
WPA-PSK (Pre-Shared key + TKIP encryption)
•
EAP-FAST (Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling)
•
PEAP-MSCHAPv2 (Protected Extensible Authentication Protocol - Microsoft Challenge Handshake Authentication
•
Protocol version 2)
802.11r / Fast Transition (FT)
•
CCKM (Cisco Centralized Key Management)
•
None
•
WLAN Encryption
AES (Advanced Encryption Standard)
•
TKIP / MIC (Temporal Key Integrity Protocol / Message Integrity Check)
•
WEP (Wired Equivalent Protocol) 40/64 and 104/128 bit
•
Note: Dynamic WEP with 802.1x authentication and Shared Key authentication are not supported.
EAP-TLS authentication via X.509 digital certificates is currently not supported.
PEAP + Server Validation is currently not supported.
The Cisco IP Phone 8800 Series also supports the following additional security features.
Image authentication
•
Device authentication
•
File authentication
•
Signaling authentication
•
Secure Cisco Unified SRST
•
Media encryption (SRTP)
•
Signaling encryption (TLS)
•
Certificate authority proxy function (CAPF)
•
Secure profiles
•
Encrypted configuration files
•
Settings Access (can limit user access to configuration menus)
•
Extensible Authentication Protocol - Flexible Authentication via Secure
Tunneling (EAP-FAST)
Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling (EAP-FAST) encrypts EAP transactions
within a Transport Level Security (TLS) tunnel between the access point and the Remote Authentication Dial-in User Service
(RADIUS) server such as the Cisco Access Control Server (ACS) or Cisco Identity Services Engine (ISE).
Cisco IP Phone 8800 Series Wireless LAN Deployment Guide
17