Moxa Technologies AirWorks AWK-1137C Series User Manual page 36

AirWorks AWK-1137C UM
You can check the current certificate status in Current Status if it is available.
• Certificate issued to: Shows the certificate user
• Certificate issued by: Shows the certificate issuer
• Certificate expiration date: Indicates when the certificate has expired
EAP-TTLS
It is usually much easier to re-use existing authentication systems, such as a Windows domain or Active
Directory, LDAP directory, or Kerberos realm, rather than creating a parallel authentication system. As a result,
TTLS (Tunneled TLS) and PEAP (Protected EAP) are used to support the use of so-called "legacy authentication
methods."
TTLS and PEAP work in a similar way. First, they establish a TLS tunnel (EAP-TLS for example), and validate
whether the network is trustworthy with digital certificates on the authentication server. This step establishes
a tunnel that protects the next step (or "inner" authentication), and consequently is sometimes referred to as
"outer" authentication. The TLS tunnel is then used to encrypt an older authentication protocol that
authenticates the user for the network.
As you can see, digital certificates are still needed for outer authentication in a simplified form. Only a small
number of certificates are required, which can be generated by a small certificate authority. Certificate
reduction makes TTLS and PEAP much more popular than EAP-TLS.
The AWK-1137C provides some non-cryptographic EAP methods, including PAP, CHAP, MS-CHAP, and
MS-CHAP-V2. These EAP methods are not recommended for direct use on wireless networks. However, they
may be useful as inner authentication methods with TTLS and PEAP.
Because the inner and outer
authentications can use
distinct user names in TTLS
and PEAP, you can use an
anonymous user name for the
outer authentication, with the
true user name only shown
through the encrypted
channel. Keep in mind that
not all client software
supports anonymous
alteration. Confirm this with
the network administrator
before you enable identity
hiding in TTLS and PEAP.
TTL inner authentication
Setting
PAP
CHAP
MS-CHAP
MS-CHAP-V2
Anonymous
Setting
Max. of 31 characters
User name & Password
Setting
-
Description
Password Authentication Protocol is used
Challenge Handshake Authentication Protocol is used
Microsoft CHAP is used
Microsoft CHAP version 2 is used
Description
A distinct name used for outer authentication
Description
User name and password used for internal authentication
3-22
Web Console Configuration
Factory Default
MS-CHAP-V2
Factory Default
None
Factory Default
None