Appendix D Wireless LANs
VSG1432-B101 Series User’s Guide
373
TTLS supports EAP methods and legacy authentication methods such as PAP,
CHAP, MS-CHAP and MS-CHAP v2.
PEAP (Protected EAP)
Like EAP-TTLS, server-side certificate authentication is used to establish a secure
connection, then use simple username and password methods through the
secured connection to authenticate the clients, thus hiding client identity.
However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2
and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is
implemented only by Cisco.
LEAP
LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of
IEEE 802.1x.
Dynamic WEP Key Exchange
The AP maps a unique key that is generated with the RADIUS server. This key
expires when the wireless connection times out, disconnects or reauthentication
times out. A new WEP key is generated each time reauthentication is performed.
If this feature is enabled, it is not necessary to configure a default encryption key
in the wireless security configuration screen. You may still configure and store
keys, but they will not be used while dynamic WEP is enabled.
Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange
For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and
PEAP) use dynamic keys for data encryption. They are often deployed in corporate
environments, but for public deployment, a simple user name and password pair
is more practical. The following table is a comparison of the features of
authentication types.
Table 128
Comparison of EAP Authentication Types
EAP-MD5
EAP-TLS
EAP-TTLS
PEAP
LEAP
Mutual Authentication
No
Yes
Yes
Yes
Yes
Certificate – Client
No
Yes
Optional
Optional
No
Certificate – Server
No
Yes
Yes
Yes
No
Dynamic Key Exchange
No
Yes
Yes
Yes
Yes
Credential Integrity
None
Strong
Strong
Strong
Moderate
Deployment Difficulty
Easy
Hard
Moderate
Moderate
Moderate
Client Identity
Protection
No
No
Yes
Yes
No
Summary of Contents for VSG1432-B101 - V1.10
Page 2: ......
Page 8: ...Safety Warnings VSG1432 B101 Series User s Guide 8 ...
Page 10: ...Contents Overview VSG1432 B101 Series User s Guide 10 ...
Page 20: ...Table of Contents VSG1432 B101 Series User s Guide 20 ...
Page 21: ...21 PART I User s Guide ...
Page 22: ...22 ...
Page 40: ...Chapter 2 The Web Configurator VSG1432 B101 Series User s Guide 40 ...
Page 67: ...67 PART II Technical Reference ...
Page 68: ...68 ...
Page 74: ...Chapter 5 Network Map and Status Screens VSG1432 B101 Series User s Guide 74 ...
Page 146: ...Chapter 8 Home Networking VSG1432 B101 Series User s Guide 146 ...
Page 150: ...Chapter 9 Static Routing VSG1432 B101 Series User s Guide 150 ...
Page 174: ...Chapter 11 Policy Forwarding VSG1432 B101 Series User s Guide 174 ...
Page 192: ...Chapter 12 Network Address Translation NAT VSG1432 B101 Series User s Guide 192 ...
Page 198: ...Chapter 13 Dynamic DNS Setup VSG1432 B101 Series User s Guide 198 ...
Page 224: ...Chapter 16 Firewall VSG1432 B101 Series User s Guide 224 ...
Page 230: ...Chapter 18 Parental Control VSG1432 B101 Series User s Guide 230 ...
Page 278: ...Chapter 25 Traffic Status VSG1432 B101 Series User s Guide 278 ...
Page 282: ...Chapter 26 IGMP Status VSG1432 B101 Series User s Guide 282 ...
Page 290: ...Chapter 28 Remote Management VSG1432 B101 Series User s Guide 290 ...
Page 294: ...Chapter 29 Time Settings VSG1432 B101 Series User s Guide 294 ...
Page 298: ...Chapter 30 Logs Setting VSG1432 B101 Series User s Guide 298 ...
Page 314: ...Chapter 34 Troubleshooting VSG1432 B101 Series User s Guide 314 ...
Page 344: ...Appendix A Setting up Your Computer s IP Address VSG1432 B101 Series User s Guide 344 ...
Page 354: ...Appendix B IP Addresses and Subnetting VSG1432 B101 Series User s Guide 354 ...
Page 380: ...Appendix D Wireless LANs VSG1432 B101 Series User s Guide 380 ...