User guide

802.1X Authentication 103
Network Security Concepts
If your enterprise has a user-based certificate infrastructure in place, you have the
option to configure user certificate-based credentials for EAP-TTLS authentication,
with or without tunneled password credentials. See “Using Certificates with
EAP-TTLS Authentication” on page 63.
EAP-PEAP
EAP-PEAP is comparable to EAP-TTLS, both in its method of operation and its
security. However, EAP-PEAP is not as flexible as EAP-TTLS and it does not support
the range of inside-the-tunnel authentication methods that EAP-TTLS supports.
Commercial implementations of this protocol that started appearing at the
beginning of 2003 had interoperability problems. Nevertheless, this protocol is in
widespread use. EAP-PEAP is a suitable protocol for performing secure
authentication against Windows domains and directory services. See “PEAP
Settings” on page 64 for more information about configuring inner protocols for
EAP-PEAP authentication.
EAP-FAST
EAP-FAST is an EAP authentication method that, like EAP-TTLS and EAP-PEAP,
offers password-based 802.1X authentication that encapsulates user credentials
inside a TLS tunnel. Unlike other tunneled protocols, however, EAP-FAST does not
require a server certificate as a means of establishing a tunnel. Without the
protection of a server certificate, EAP-FAST authentication can be vulnerable to
man-in-the-middle attacks (and subsequent offline dictionary attacks).
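
The check below is an added example, not part of this guide or of the client it documents. It assumes a supplicant configured in wpa_supplicant.conf syntax and flags network blocks in which a tunnel can be established without a verified server certificate; the sample blocks, paths and host names are constructed.

```python
import re
# Constructed sample in wpa_supplicant.conf syntax (assumed supplicant).
SAMPLE = '''
network={
    ssid="corp-fast"
    eap=FAST
    phase1="fast_provisioning=1"
}
network={
    ssid="corp-peap"
    eap=PEAP
    ca_cert="/etc/ssl/certs/corp-ca.pem"
    domain_suffix_match="radius.example.com"
    phase2="auth=MSCHAPV2"
}
'''
NAME_CHECKS = {"domain_suffix_match", "domain_match", "subject_match", "altsubject_match"}

def parse_networks(text):
    """Return one {key: value} dict per network={...} block."""
    blocks = []
    for body in re.findall(r"network=\{(.*?)\n\}", text, re.S):
        entry = {}
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                entry[key.strip()] = value.strip().strip('"')
        blocks.append(entry)
    return blocks

def audit(entry):
    """List ways this block lets a tunnel form with an unverified server."""
    methods = set(entry.get("eap", "").upper().split())
    findings = []
    if "FAST" in methods:
        # fast_provisioning 1 or 3 permits anonymous (certificate-less) provisioning
        mode = re.search(r"fast_provisioning=(\d)", entry.get("phase1", ""))
        if mode and mode.group(1) in ("1", "3"):
            findings.append("EAP-FAST: unauthenticated PAC provisioning enabled")
    if methods & {"TTLS", "PEAP"}:
        if "ca_cert" not in entry:
            findings.append("no ca_cert: server certificate is not validated")
        elif NAME_CHECKS.isdisjoint(entry):
            findings.append("ca_cert set, but server name is not constrained")
    return findings

if __name__ == "__main__":
    for net in parse_networks(SAMPLE):
        print(net.get("ssid"), audit(net) or "ok")
```
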
EAP-JUAC
EAP-JUAC is an inner EAP protocol developed by Juniper Networks for
authenticating access to an Infranet Controller. EAP-JUAC is compatible with TTLS
and PEAP.
EAP-POTP
EAP-POTP is a protocol developed by RSA Security, Inc. With this protocol, users can
request authentication using their RSA SecurID token cards for password
credentials.
This secure two-factor authentication protocol provides cryptographically strong
end-to-end mutual authentication, AES data encryption, personal identification
number (PIN) management, and session resumption. The EAP-POTP protocol does
not rely on certificates or require a certificate infrastructure. EAP-POTP has strong
encryption, data integrity, and authentication support.
EAP-SIM and EAP-AKA
EAP-SIM and EAP-AKA (authentication and key agreement) are the two EAP
methods that you can use for wireless network authentication based on your SIM
card credentials.