Appendix F Types Of Eap Authentication - ZyXEL Communications ZyAIR G-500 User Manual

802.11g wireless access point

Hide thumbs Also See for ZyAIR G-500:

Quick installation manual (13 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

Table of Contents

ZyAIR B-500 Wireless Access Point User's Guide

Appendix F

Types of EAP Authentication

This appendix discusses the four popular EAP authentication types: EAP-MD5, EAP-TLS, EAP-TTLS

and PEAP. The type of authentication you use depends on the RADIUS server or the AP. Consult your

network administrator for more information.

EAP-MD5 (Message-Digest Algorithm 5)

MD5 authentication is the simplest one-way authentication method. The authentication server sends a

challenge to the wireless station. The wireless station 'proves' that it knows the password by encrypting the

password with the challenge and sends back the information. Password is not sent in plain text.

However, MD5 authentication has some weaknesses. Since the authentication server needs to get the

plaintext passwords, the passwords must be stored. Thus someone other than the authentication server may

access the password file. In addition, it is possible to impersonate an authentication server as MD5

authentication method does not perform mutual authentication. Finally, MD5 authentication method does

not support data encryption with dynamic session key. You must configure WEP encryption keys for data

encryption.

EAP-TLS (Transport Layer Security)

With EAP-TLS, digital certifications are needed by both the server and the wireless stations for mutual

authentication. The server presents a certificate to the client. After validating the identity of the server, the

client sends a different certificate to the server. The exchange of certificates is done in the open before a

secured tunnel is created. This makes user identity vulnerable to passive attacks. A digital certificate is an

electronic ID card that authenticates the sender's identity. However, to implement EAP-TLS, you need a

Certificate Authority (CA) to handle certificates, which imposes a management overhead.

EAP-TTLS (Tunneled Transport Layer Service)

EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-side

authentications to establish a secure connection. Client authentication is then done by sending username

and password through the secure connection, thus client identity is protected. For client authentication,

EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and

MS-CHAP v2.

PEAP (Protected EAP)

Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use

simple username and password methods through the secured connection to authenticate the clients, thus

Types of EAP Authentication

F-1

Table of Contents

Appendix F Types Of Eap Authentication - ZyXEL Communications ZyAIR G-500 User Manual

Related Manuals for ZyXEL Communications ZyAIR G-500

Related Content for ZyXEL Communications ZyAIR G-500

Table of Contents