User`s guide
Table Of Contents
- VMG8924-B10A and VMG8924- B30A Series
- User’s Guide
- Technical Reference
- Network Map and Status Screens
- Broadband
- Wireless
- Home Networking
- 7.1 Overview
- 7.2 The LAN Setup Screen
- 7.3 The Static DHCP Screen
- 7.4 The UPnP Screen
- 7.5 Installing UPnP in Windows Example
- 7.6 Using UPnP in Windows XP Example
- 7.7 The Additional Subnet Screen
- 7.8 The STB Vendor ID Screen
- 7.9 The 5th Ethernet Port Screen
- 7.10 The LAN VLAN Screen
- 7.11 The Wake on LAN Screen
- 7.12 Technical Reference
- Routing
- Quality of Service (QoS)
- Network Address Translation (NAT)
- Dynamic DNS Setup
- Interface Group
- USB Service
- Power Management
- Firewall
- MAC Filter
- Parental Control
- Scheduler Rule
- Certificates
- VPN
- Voice
- Log
- Traffic Status
- VoIP Status
- ARP Table
- Routing Table
- IGMP/MLD Status
- xDSL Statistics
- 3G Statistics
- User Account
- Remote Management
- TR-069 Client
- TR-064
- SNMP
- Time Settings
- E-mail Notification
- Logs Setting
- Firmware Upgrade
- Configuration
- Diagnostic
- Troubleshooting
- Customer Support
- Setting up Your Computer’s IP Address
- IP Addresses and Subnetting
- Pop-up Windows, JavaScripts and Java Permissions
- Wireless LANs
- IPv6
- Services
- Legal Information
- Index
Appendix E Wireless LANs
VMG8924-B10A and VMG8924-B30A Series User’s Guide
382
EAP-TTLS (Tunneled Transport Layer Service)
EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-
side authentications to establish a secure connection. Client authentication is then done by sending
username and password through the secure connection, thus client identity is protected. For client
authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP,
CHAP, MS-CHAP and MS-CHAP v2.
PEAP (Protected EAP)
Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then
use simple username and password methods through the secured connection to authenticate the
clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5,
EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is
implemented only by Cisco.
LEAP
LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x.
Dynamic WEP Key Exchange
The AP maps a unique key that is generated with the RADIUS server. This key expires when the
wireless connection times out, disconnects or reauthentication times out. A new WEP key is
generated each time reauthentication is performed.
If this feature is enabled, it is not necessary to configure a default encryption key in the wireless
security configuration screen. You may still configure and store keys, but they will not be used while
dynamic WEP is enabled.
Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange
For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic
keys for data encryption. They are often deployed in corporate environments, but for public
deployment, a simple user name and password pair is more practical. The following table is a
comparison of the features of authentication types.
Table 166 Comparison of EAP Authentication Types
EAP-MD5 EAP-TLS EAP-TTLS PEAP LEAP
Mutual Authentication No Yes Yes Yes Yes
Certificate – Client No Yes Optional Optional No
Certificate – Server No Yes Yes Yes No
Dynamic Key Exchange No Yes Yes Yes Yes
Credential Integrity None Strong Strong Strong Moderate
Deployment Difficulty Easy Hard Moderate Moderate Moderate
Client Identity Protection No No Yes Yes No