Security Solutions
3-104
Designing Access Controls
Select an EAP Method for 802.1X
If you want to authenticate ProCurve network devices, you can add EAP-
MD5. (All the ProCurve devices authenticate over a wired connection, so
EAP-MD5 is a legitimate option.)
For other supplicants, the choice between EAP-TTLS and PEAP is still
open. Move to the next question.
3. Which RADIUS server are you using?
Next, examine the capabilities of your RADIUS server. Table 3-76 shows
the EAP methods supported by the servers discussed in this guide.
If you are using IAS, you must select PEAP with MS-CHAPv2 as the inner
method. You can also choose EAP-MD5 if you want to authenticate
ProCurve switches, APs, and RPs.
Also, if you are using the AP 530’s internal RADIUS server, select PEAP, a
secure option for authenticating wireless users.
For other RADIUS servers, you are still faced with the choice between
PEAP and EAP-TTLS. Move to the next question.
Table 3-76. EAP Methods Supported by RADIUS Servers
RADIUS
Server
EAP-MD5 EAP-TLS EAP-TTLS PEAP EAP-SIM EAP-TNC EAP-LEAP (Not
Recommended)
IAS X X X
Inner method:
MS-CHAPv2
Steel-Belted
RADIUS
XXXX X
NAC 800 X X X X
Wireless
Edge
Services
Module
(Internal)
XXX
AP 530
(Internal)
X