Protected Extensible Authentication Protocol (PEAP)
Protected Extensible Authentication Protocol (PEAP) uses server-side public key certificates to authenticate clients by creating
an encrypted SSL/TLS tunnel between the client and the authentication server.
The ensuing exchange of authentication information is then encrypted and user credentials are safe from eavesdropping.
PEAP-GTC and PEAP-MSCHAPv2 are supported inner authentication protocols.
PEAP requires that a user account be created on the authentication server.
The authentication server can be validated via importing a certificate into the Cisco Wireless IP Phone 8821 and 8821-EX.
For more information on Cisco Secure Access Control System (ACS) and Cisco Identity Services Engine (ISE), refer to the
following links.
http://www.cisco.com/c/en/us/products/security/secure-access-control-system/datasheet-listing.html
http://www.cisco.com/c/en/us/products/security/identity-services-engine/datasheet-listing.html
EAP and User Database Compatibility
The following chart displays the EAP and database configurations supported by the Cisco Wireless IP Phone 8821 and 8821-
EX.
Database Type
Cisco ACS
Windows SAM
Windows AD
LDAP
ODBC
(ACS for Windows Only)
Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide
EAP-FAST
EAP-TLS
(Phase Zero)
Yes
Yes
Yes
No
Yes
Yes
No
Yes
Yes
Yes
PEAP-GTC
PEAP-MSCHAPv2
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
No
Yes
34