Planet XGS3-42000R User Manual page 472

4-Slot Layer 3 IPv6/IPv4 Routing Chassis Switch

EAP is a widely used authentication framework that carries the actual authentication protocol rather than being
a specific authentication mechanism. EAP provides some common functions and allows negotiation of the desired
authentication mechanisms, which are called EAP methods. The advantage of EAP is that the EAP mechanism,
working as a base, needs no adjustment when a new authentication protocol appears. The following figure
illustrates the protocol stack of the EAP authentication method.
Figure 47-1-8 The Protocol Stack of EAP Authentication Method
By now, more than 50 EAP authentication methods have been developed; they differ in the
authentication mechanism and in the management of keys. The 4 most common EAP
authentication methods are listed as follows:
EAP-MD5
EAP-TLS (Transport Layer Security)
EAP-TTLS (Tunneled Transport Layer Security)
PEAP (Protected Extensible Authentication Protocol)
They are described in detail in the following part.
Attention:
The switch, as the pass-through access control unit, does not check the content of a particular
EAP method, so it can support all the EAP methods above and any EAP authentication methods
that may be added in the future.
In EAP relay, if any of EAP-MD5, EAP-TLS, EAP-TTLS or PEAP is adopted, the supplicant system
and the RADIUS server should use the same authentication method.
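Because the switch relays EAP without inspecting the method, finding out which method a supplicant and the RADIUS server actually use means reading the Type octet of the relayed EAP packets. The following is an added example, not taken from the manual: it assumes the RFC 3748 packet layout and the IANA method type numbers, and the function names and sample bytes are constructed for illustration.

```python
import struct

# EAP Code values (RFC 3748).
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# IANA EAP type numbers: the four methods listed above plus the
# non-authentication types that appear in every exchange.
TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "EAP-MD5",
         13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
NON_AUTH = {"Identity", "Notification", "Nak"}
WEAK = {"EAP-MD5"}  # the manual rates EAP-MD5 as the least secure method


def parse_eap(packet: bytes) -> dict:
    """Parse one EAP packet: Code(1) Identifier(1) Length(2) [Type(1) Data]."""
    if len(packet) < 4:
        raise ValueError("EAP header truncated")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("EAP Length field inconsistent with packet size")
    if code not in CODES:
        raise ValueError(f"unknown EAP code {code}")
    info = {"code": CODES[code], "id": ident, "method": None}
    if code in (1, 2):  # only Request/Response carry a Type octet
        if length < 5:
            raise ValueError("Request/Response without Type octet")
        info["method"] = TYPES.get(packet[4], f"type-{packet[4]}")
    return info


def audit(packets):
    """Return (authentication methods seen, subset considered weak)."""
    seen = {parse_eap(p)["method"] for p in packets} - NON_AUTH - {None}
    return seen, seen & WEAK


# Constructed sample exchange (not captured traffic).
SAMPLE = [
    bytes.fromhex("0101000501"),                         # Request/Identity
    bytes.fromhex("0201000801626f62"),                   # Response/Identity "bob"
    struct.pack("!BBHBB", 1, 2, 22, 4, 16) + bytes(16),  # Request/MD5-Challenge
    bytes.fromhex("03020004"),                           # Success
]

if __name__ == "__main__":
    methods, weak = audit(SAMPLE)
    print("methods seen:", sorted(methods), "weak:", sorted(weak))
```

Bytes beyond the Length field are ignored, so frames padded to the Ethernet minimum still parse.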
1. EAP-MD5 Authentication Method
EAP-MD5 is an IETF open standard which provides the least security, since the MD5 hash function is vulnerable
to dictionary attacks.
The following figure illustrates the basic operation flow of the EAP-MD5 authentication method.