Table of Contents
Advertisement
290
C
13: C
HAPTER
ONFIGURING
Ways a WX Switch
Can Use EAP
AAA
N
U
FOR
ETWORK
SERS
Table 27 EAP Authentication Protocols for Local Processing (continued)
EAP Type
Description
EAP-TLS
Protocol that provides
mutual authentication,
(EAP with
integrity-protected
Transport Layer
encryption algorithm
Security)
negotiation, and key
exchange. EAP-TLS
provides encryption and
data integrity checking for
the connection.
PEAP-MS-
The wireless client
CHAP-V2
authenticates the server
(either the WX switch or a
(Protected EAP
RADIUS server) using TLS
with Microsoft
to set up an encrypted
Challenge
session. Mutual
Handshake
authentication is
Authentication
performed by
Protocol
MS-CHAP-V2.
version 2)
* EAP-MD5 does not work with Microsoft wired authentication clients.
Network users with 802.1X support cannot access the network unless
they are authenticated. You can configure a WX switch to authenticate
users with EAP on a group of RADIUS servers and/or in a local user
database on the WX, or to offload some authentication tasks from the
server group. Table 28 details these three basic WX authentication
approaches.
(For information about digital certificates, see Chapter 12, "Managing
Keys and Certificates," on page 255.)
Use
Considerations
Wireless and wired
This protocol
authentication.
requires X.509
public key
All authentication is
certificates on
processed on the
both sides of
WX switch.
the connection.
Wireless and wired
Only the server
authentication:
side of the
connection
The PEAP
requires a
portion is
certificate.
processed on the
WX switch.
The client needs
only a username
The
and password.
MS-CHAP-V2
portion is
processed on the
RADIUS server or
locally,
depending on
the
configuration.
Advertisement
Table of Contents
