User manual

Security

mySND User Manual 87

Mode of Operation

EAP-TTLS consists of two phases:

• In phase 1, a TLS-encrypted channel between the SND Server

and the RADIUS server will be established. Only the RADIUS

server authenticates itself on the SND Server using a certificate

that was signed by a CA. This process is also referred to as 'outer

authentication'.

• In phase 2, an additional authentication method is used for the

communication within the TLS channel. EAP-defined methods

and older methods (CHAP, PAP, MS-CHAP und MS-CHAPv2) are

supported. This process is also referred to as 'inner

authentication'.

The advantage of this procedure is that only the RADIUS server

needs a certificate. Therefore no PKI is needed. Moreover, TTLS

supports most authentication protocols.

Requirements

; The TPG is defined as user (with user name and password) on a

RADIUS server.

Proceed as follows:

1. Start the mySND Control Center.

2. Select SECURITY – Authentication.

3. Select TTLS from the Authentication method list.

4. Enter the user name and the password that are used for the

configuration of the SND Server on the RADIUS server.

5. Select the settings intended to secure the communication in the

TLS channel.

6. To make the connection more secure, you can also install the

root certificate of the RADIUS server on the SND Server (Ö81).

7. Click Save & Restart to confirm.

ª The settings will be saved.