Security Solutions
3-103
Designing Access Controls
Select an EAP Method for 802.1X
Table 3-75 shows which EAP methods are supported by several 802.1X
supplicants. You can check the documentation for your supplicants and
devices and fill in your own rows in the table.
Table 3-75. EAP Methods Supported by 802.1X Supplicants
As you can see, if you are using the native Windows supplicant, you should
choose PEAP with Microsoft Challenge Handshake Authentication Pro-
tocol version 2 (MS-CHAPv2) as the inner method. EAP-PEAP was created
and is supported by Microsoft, and deployment in a Microsoft environ-
ment should be relatively pain free.
802.1X
Supplicant
EAP-MD5 EAP-TLS EAP-TTLS PEAP EAP-SIM EAP-TNC LEAP
Windows
native
XX
Inner
protocol:
MS-CHAPv2
Mac native X X X
Inner
protocol:
•PAP
•MS-
CHAPv2
X
Inner
protocol:
MS-CHAPv2
X
Xsupplicant X X X
Inner
protocol:
•PAP
• CHAP
• MS-CHAP
•MS-
CHAPv2
X
Inner
protocol:
•GTC
•MS-
CHAPv2
XXX
Juniper
Odyssey
XX X
Inner
protocol:
•UAC
•MS-
CHAPv2
X
Inner
protocol:
•UAC
•MS-
CHAPv2
XX
ProCurve
Switches,
APs, and RPs
X