Table of Contents
Advertisement
3. Use the EAP Type drop-down menu to select the authentication mechanism used between the CB3000
and a target device to exchange and verify certificates. Options include:
• MD5 – The MD5 authentication method takes a message of arbitrary length as input and produces
a 128-bit fingerprint. The MD5 algorithm is intended for digital signature applications, in which a
large file must be compressed in a secure manner before being encrypted with a private (secret) key
under a public-key cryptographic system.
• MSCHAPV2 – Microsoft Challenge Handshake Authentication Protocol Version 2. MS-CHAP-v2
[RFC2759] is an extension of, yet incompatible with, MSCHAPv1. It also supports mutual
authentication. MSCHAPV2 is the default authentication method used by the Microsoft Windows
2000 operating system. Support of this authentication method on the CB3000 enables Windows
2000 users to establish remote PPP sessions without needing to first configure an authentication
method on the client. MSCHAP V2 introduces a change password feature, allowing the CB3000 to
change the account password if the RADIUS server reports the password has expired.
• PEAP – Windows XP SP1 and Microsoft 802.1X Authentication Client support Protected EAP
(PEAP). Uses an encrypted TLS-Tunnel. Only the server certificates are required.
• TLS – Transport Level Security is an EAP type that is used in certificate-based security
Figure 3.7 Secure 802.1x Configuration
3-15
Network Configuration
Advertisement
Table of Contents
