Supported 802.1X protocols
The following table lists the 802.1X protocols supported by the internal RADIUS server on the
controller, and when using a third-party RADIUS server.
The EAP protocols in this table are known to work with the controller. Other EAP protocols
may also work but have not been tested.
The following are brief definitions for the supported protocols. For more detailed
information, see the appropriate RFC for each protocol.
EAP-MD5: Extensible Authentication Protocol Message Digest 5. Offers minimum
security. Not recommended.
EAP-TLS: Extensible Authentication Protocol Transport Layer Security. Provides strong
security based on mutual authentication. Requires both client and server-side
EAP-TTLS: Extensible Authentication Protocol Tunnelled Transport Layer Security.
Provides excellent security with less overhead than TLS as client-side certificates can be
used, but are not required.
LEAP: Lightweight Extensible Authentication Protocol. Provides mutual authentication
between a wireless client and the RADIUS server. Supports WEP, TKIP, and WPA2 keys.
LEAP is not supported on access-controlled VSCs.
PEAPv0: Protected Extensible Authentication Protocol. One of the most supported
implementations across all client platforms. Uses MSCHAPv2 as the inner protocol.
PEAPv1: Protected Extensible Authentication Protocol. Alternative to PEAPv0 that
permits other inner protocols to be used.
Local user accounts (via
Internal RADIUS server)
User authentication, accounts, and addressing
Client and Server