ZyAIR Access Point Series User’s Guide
Appendix F
Types of EAP Authentication
This appendix discusses the four popular EAP authentication types: EAP-MD5, EAP-TLS, EAP-TTLS and PEAP. The type of authentication you use depends on the RADIUS server or the AP. Consult your
network administrator for more information.
EAP-MD5 (Message-Digest Algorithm 5)
MD5 authentication is the simplest one-way authentication method. The authentication server sends a
challenge to the wireless station. The wireless station ‘proves’ that it knows the password by encrypting the
password with the challenge and sending back the result. The password is not sent in plain text.
However, MD5 authentication has some weaknesses. Since the authentication server needs to get the
plaintext passwords, the passwords must be stored. Thus someone other than the authentication server may
access the password file. In addition, it is possible to impersonate an authentication server, as the MD5
authentication method does not perform mutual authentication. Finally, the MD5 authentication method does
not support data encryption with a dynamic session key. You must configure WEP encryption keys for data
encryption.
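The exchange described above, as an added Python example that is not from the ZyAIR guide. It assumes the response is computed as MD5(Identifier || password || challenge), the MD5-Challenge form of RFC 3748, which follows CHAP (RFC 1994); `md5_response`, `AuthServer` and `run_exchange` are illustrative names and the credentials are constructed samples.

```python
import hashlib
import hmac
import os


def md5_response(identifier: int, password: bytes, challenge: bytes) -> bytes:
    # Response value = MD5(Identifier || password || challenge), 16 bytes.
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


class AuthServer:
    def __init__(self, secrets: dict):
        # To recompute the response the server needs the password itself,
        # so this store holds recoverable passwords (the weakness noted above).
        self.secrets = secrets
        self.pending = {}

    def issue_challenge(self, user: str):
        identifier, challenge = os.urandom(1)[0], os.urandom(16)
        self.pending[user] = (identifier, challenge)
        return identifier, challenge

    def verify(self, user: str, response: bytes) -> bool:
        outstanding = self.pending.pop(user, None)  # each challenge is single-use
        secret = self.secrets.get(user)
        if outstanding is None or secret is None:
            return False
        expected = md5_response(outstanding[0], secret, outstanding[1])
        return hmac.compare_digest(expected, response)


def run_exchange(server: AuthServer, user: str, station_password: bytes):
    # The station answers whatever challenge arrives; nothing in the exchange
    # lets it check that the sender knows the password (no mutual authentication).
    identifier, challenge = server.issue_challenge(user)
    response = md5_response(identifier, station_password, challenge)
    return server.verify(user, response), response


if __name__ == "__main__":
    password = b"constructed-sample-password"  # constructed sample value
    plain = AuthServer({"alice": password})
    # A store that keeps only a hash of the password cannot verify the response.
    hashed = AuthServer({"alice": hashlib.sha256(password).digest()})
    print("plaintext store, right password:", run_exchange(plain, "alice", password)[0])
    print("plaintext store, wrong password:", run_exchange(plain, "alice", b"wrong-password")[0])
    print("hash-only store, right password:", run_exchange(hashed, "alice", password)[0])
```

The exchange produces only a pass or fail result and no shared key material, which is why the data link still depends on statically configured WEP keys.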
EAP-TLS (Transport Layer Security)
With EAP-TLS, digital certificates are needed by both the server and the wireless stations for mutual
authentication. The server presents a certificate to the client. After validating the identity of the server, the
client sends a different certificate to the server. The exchange of certificates is done in the open before a
secured tunnel is created. This makes user identity vulnerable to passive attacks. A digital certificate is an
electronic ID card that authenticates the sender’s identity. However, to implement EAP-TLS, you need a
Certificate Authority (CA) to handle certificates, which imposes a management overhead.
EAP-TTLS (Tunneled Transport Layer Service)
EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-side
authentications to establish a secure connection. Client authentication is then done by sending username
and password through the secure connection, thus client identity is protected. For client authentication,
EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and
MS-CHAP v2.
PEAP (Protected EAP)
Like EAP-TTLS, PEAP uses server-side certificate authentication to establish a secure connection, then uses
simple username and password methods through the secured connection to authenticate the clients, thus
Summary of Contents for Zyair B-1000 v.2
Page 1: ...ZyAIR Access Point Series User s Guide Version 3 50 March 2004...
Page 63: ...ZyAIR Access Point Series User s Guide System Screens 5 13 Figure 5 10 Wireless AP Bridge...