Appendix D Wireless LANs
AMG1302-T10A User’s Guide
274
EAP-MD5 (Message-Digest Algorithm 5)
MD5 authentication is the simplest one-way authentication method. The authentication server
sends a challenge to the wireless client. The wireless client ‘proves’ that it knows the password by
encrypting the password with the challenge and sends back the information. Password is not sent in
plain text.
However, MD5 authentication has some weaknesses. Since the authentication server needs to get
the plaintext passwords, the passwords must be stored. Thus someone other than the
authentication server may access the password file. In addition, it is possible to impersonate an
authentication server as MD5 authentication method does not perform mutual authentication.
Finally, MD5 authentication method does not support data encryption with dynamic session key. You
must configure WEP encryption keys for data encryption.
EAP-TLS (Transport Layer Security)
With EAP-TLS, digital certifications are needed by both the server and the wireless clients for
mutual authentication. The server presents a certificate to the client. After validating the identity of
the server, the client sends a different certificate to the server. The exchange of certificates is done
in the open before a secured tunnel is created. This makes user identity vulnerable to passive
attacks. A digital certificate is an electronic ID card that authenticates the sender’s identity.
However, to implement EAP-TLS, you need a Certificate Authority (CA) to handle certificates, which
imposes a management overhead.
EAP-TTLS (Tunneled Transport Layer Service)
EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-
side authentications to establish a secure connection. Client authentication is then done by sending
username and password through the secure connection, thus client identity is protected. For client
authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP,
CHAP, MS-CHAP and MS-CHAP v2.
PEAP (Protected EAP)
Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then
use simple username and password methods through the secured connection to authenticate the
clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5,
EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is
implemented only by Cisco.
LEAP
LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x.
Dynamic WEP Key Exchange
The AP maps a unique key that is generated with the RADIUS server. This key expires when the
wireless connection times out, disconnects or reauthentication times out. A new WEP key is
generated each time reauthentication is performed.
Summary of Contents for AMG1302-T10A
Page 4: ...Contents Overview AMG1302 T10A User s Guide 4 ...
Page 12: ...Table of Contents AMG1302 T10A User s Guide 12 ...
Page 13: ...13 PART I User s Guide ...
Page 14: ...14 ...
Page 20: ...Chapter 1 Introduction AMG1302 T10A User s Guide 20 ...
Page 52: ...Chapter 4 Tutorials AMG1302 T10A User s Guide 52 ...
Page 53: ...53 PART II Technical Reference ...
Page 54: ...54 ...
Page 126: ...Chapter 8 Wireless LAN AMG1302 T10A User s Guide 126 ...
Page 140: ...Chapter 9 Network Address Translation NAT AMG1302 T10A User s Guide 140 ...
Page 158: ...Chapter 11 Filters AMG1302 T10A User s Guide 158 ...
Page 162: ...Chapter 12 Static Route AMG1302 T10A User s Guide 162 ...
Page 166: ...Chapter 13 Port Binding AMG1302 T10A User s Guide 166 ...
Page 176: ...Chapter 15 Quality of Service QoS AMG1302 T10A User s Guide 176 ...
Page 198: ...Chapter 18 Universal Plug and Play UPnP AMG1302 T10A User s Guide 198 ...
Page 202: ...Chapter 19 CWMP AMG1302 T10A User s Guide 202 ...
Page 206: ...Chapter 20 System Settings AMG1302 T10A User s Guide 206 ...
Page 216: ...Chapter 21 Logs AMG1302 T10A User s Guide 216 ...
Page 266: ...Appendix C Pop up Windows JavaScripts and Java Permissions AMG1302 T10A User s Guide 266 ...
Page 280: ...Appendix D Wireless LANs AMG1302 T10A User s Guide 280 ...
Page 290: ...Appendix E IPv6 AMG1302 T10A User s Guide 290 ...
Page 322: ...Appendix G Legal InformationSafety Warnings AMG1302 T10A User s Guide 322 ...