HP-UX AAA Server A.07.01 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software

141

142

143

144

145

146

147

148

149

150

Table 13-2 Supported EAP Methods and Their Features

DescriptionFeatureEAP Method

Tunneled TLS: Can carry additional EAP or legacy

authentication methods like PAP and CHAP. Integrates with

1, 2, 3, 5, 6TTLS

the widest variety of password storage formats and existing

password-based authentication systems. Supplicants available

for a large number of clients

Protected EAP: Functionally very similar to TTLS, but does not

encapsulate legacy authentication methods.

1, 2, 5, 6PEAP

Transport Layer Security: Uses TLS (also known as SSL) to

authenticate the client using its digital certificate.

NOTE: Some supplicants require specific extensions to

support certificates for EAP.

1, 2, 4, 5TLS

Message Digest 5: Passwords are hashed using the MD5

algorithm. Can be deployed for protecting access to LAN

3MD5

switches where the authentication traffic will not be transmitted

over airwaves. Can also be safely deployed for wireless

authentication inside EAP tunnel methods (see feature 5 above).

Microsoft Challenge Handshake Accept Protocol: Passwords

are hashed using a Microsoft algorithm. Can be deployed for

2, 3MSCHAP

protecting access to LAN switches where the authentication

traffic will not be transmitted over airwaves. Can also be safely

deployed for wireless authentication inside EAP tunnel methods

(see feature 5 above).

Lightweight EAP: For Legacy Cisco equipment only.1, 2, 3LEAP

Generic Token Card: Carries user specific token cards for

authentication.

4, 6GTC

NOTE: If you are using TLS, TTLS, or PEAP, be sure you configure the required

digital certificates after you configure all you r realms.

Securing WLANs with the HP-UX AAA Server

The following is the list of the steps for securing WLANs with the HP-UX AAA Server.

Use the Secure LAN Advisor and refer to each specific section in this guide for more

information on each step.

1. Access Server Manager. See “Accessing the Server Manager” (page 62) for more

information.

2. Open the Secure LAN Advisor for online reference by selecting Secure LAN Advisor

in the navigation tree. See “The Secure LAN Advisor” (page 142) for more

information.

146 Securing LAN Access With EAP