Technical data
802.1X Authentication
© 2012 Meru Networks, Inc. Authentication 167
The following notes apply to the authentication mechanisms above:
1. MD5 is not typically used as it only provides one-way authentication. MD5 does
not support automatic distribution and rotation of WEP keys and therefore does
nothing to relieve the administrative burden of manual WEP key maintenance.
2. TLS, although very secure, requires the administrator to install client certificates
on each wireless station. Maintaining a PKI adds time and effort for the
network administrator.
3. TTLS addresses the certificate issue by tunneling TLS, and thus eliminates the
need for a certificate on the client side. This often makes TTLS the preferred
option. Funk Software primarily promotes TTLS and there is a charge for
supplicant and authentication server software.
4. LEAP has the longest history. Although previously proprietary to Cisco, Cisco now
licenses the software. Other vendors are now beginning to support LEAP in their
wireless LAN adapters.
5. The more recent PEAP works similarly to EAP-TTLS in that it does not require a
certificate on the client side. PEAP is backed by Cisco and Microsoft and is
available at no additional cost from Microsoft. If you want to transition from LEAP
to PEAP, Cisco's ACS authentication server runs both.
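The client-certificate difference in notes 2, 3 and 5, shown as supplicant configuration. This is an added example, not taken from the Meru documentation; it assumes wpa_supplicant as the station's supplicant, and the SSID, identities, file paths and server domain are placeholders.

```conf
# wpa_supplicant.conf network blocks (constructed example). Each block is an
# alternative way to join the same SSID; a station would carry only one.

# EAP-TLS (note 2): the station authenticates with its own certificate, so
# every client needs a certificate and private key issued by the PKI.
network={
    ssid="corp-wlan"
    key_mgmt=WPA-EAP
    eap=TLS
    identity="station01@example.com"
    ca_cert="/etc/wpa_supplicant/ca.pem"
    client_cert="/etc/wpa_supplicant/station01.pem"
    private_key="/etc/wpa_supplicant/station01.key"
    private_key_passwd="CHANGE_ME"
    domain_suffix_match="radius.example.com"
}

# EAP-TTLS (note 3): no client certificate. The user credential travels
# inside the TLS tunnel, so the tunnel is only as trustworthy as the server
# certificate check (ca_cert plus domain_suffix_match).
network={
    ssid="corp-wlan"
    key_mgmt=WPA-EAP
    eap=TTLS
    anonymous_identity="anonymous@example.com"
    identity="user@example.com"
    password="CHANGE_ME"
    phase2="auth=PAP"
    ca_cert="/etc/wpa_supplicant/ca.pem"
    domain_suffix_match="radius.example.com"
}

# PEAP (note 5): same shape as TTLS, with MSCHAPv2 as the inner method.
network={
    ssid="corp-wlan"
    key_mgmt=WPA-EAP
    eap=PEAP
    anonymous_identity="anonymous@example.com"
    identity="user@example.com"
    password="CHANGE_ME"
    phase2="auth=MSCHAPV2"
    ca_cert="/etc/wpa_supplicant/ca.pem"
    domain_suffix_match="radius.example.com"
}
```

In the TTLS and PEAP blocks the station still needs the CA certificate that signed the authentication server's certificate; only the per-client certificate and key are dropped.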
Provider                   Microsoft  Microsoft  Funk      MS        Cisco
Authentication Attributes  One way    Mutual     Mutual    Mutual    Mutual
Deployment Difficulty      Easy       Difficult  Moderate  Moderate  Moderate
Wireless Security          Poorest    Highest    High      High      High