User Documentation

ManualsBrandsWeidmueller ManualsAutomation & SoftwareIE-WLT-VL-AP-BR-CL-EU

Wi-Fi device IE-WL-VL-AP-BR-CL Web Console Configuration

3-36

You can check the current certificate status in Current Status if it is available.

• Certificate issued to: Shows the certificate user

• Certificate issued by: Shows the certificate issuer

• Certificate expiration date: Indicates when the certificate has expired

EAP-TTLS

It is usually much easier to re-use existing authentication systems, such as a Windows domain or Active

Directory, LDAP directory, or Kerberos realm, rather than creating a parallel authentication system. As a result,

TTLS (Tunneled TLS) and PEAP (Protected EAP) are used to support the use of so-called “legacy authentication

methods.”

TTLS and PEAP work in a similar way. First, they establish a TLS tunnel (EAP-TLS for example), and validate

whether the network is trustworthy with digital certificates on the authentication server. This step establishes

a tunnel that protects the next step (or “inner” authentication), and consequently is sometimes referred to as

“outer” authentication. The TLS tunnel is then used to encrypt an older authentication protocol that

authenticates the user for the network.

As you can see, digital certificates are still needed for outer authentication in a simplified form. Only a small

number of certificates are required, which can be generated by a small certificate authority. Certificate

reduction makes TTLS and PEAP much more popular than EAP-TLS.

The IE-WL-VL-AP-BR-CL provides some non-cryptographic EAP methods, including PAP, CHAP, MS-CHAP,

and MS-CHAP-V2. These EAP methods are not recommended for direct use on wireless networks. However,

they may be useful as inner authentication methods with TTLS and PEAP.

Because the inner and outer

authentications can use distinct user

names in TTLS and PEAP, you can use

an anonymous user name for the

outer authentication, with the true

user name only shown through the

encrypted channel. Keep in mind that

not all client software supports

anonymous alteration. Confirm this

with the network administrator

before you enable identity hiding in

TTLS and PEAP.

TTL inner authentication

Setting

Description

Factory Default

PAP

Password Authentication Protocol is used

MS-CHAP-V2

CHAP

Challenge Handshake Authentication Protocol is used

MS-CHAP

Microsoft CHAP is used

MS-CHAP-V2

Microsoft CHAP version 2 is used

Anonymous

Setting

Description

Factory Default

Max. of 31 characters

A distinct name used for outer authentication

None

User name & Password

Setting

Description

Factory Default

User name and password used in inner authentication

None