the Authentication Flow of 802.1x EAP-MD5
Figure 47-1-9
2. EAP -TLS Authenti cation Method
EAP-TLS is brought up by Mic rosoft based on EAP and TLS protocols. It uses PKI t o protect the id
authentication bet ween the supplicant system and the RADIUS server and the dynamically generated session
keys, requiring both the supplicant system and t he Radius authentication server t o possess digital certificate
to implement bidirectional authentication. It is the earliest EAP authentication method used in wireless LAN.
Since every user should have a digital certificat e, this method is rarely used practically considering the difficult
maintenance. However it is still one of the safest EAP standards, and enjoys prevailing supports from the
vendors of wireless LAN hardware and soft ware.
47-8