C H A P T E R
3-1
Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide for Windows Vista
OL-16534-01
3
Configuring EAP Types
This chapter explains the EAP types that are used for authenication to wireless networks.
The following topics are covered:
•
Overview of EAP-FAST, page 3-1
•
How EAP-FAST Works, page 3-2
•
Configuring EAP-FAST, page 3-4
•
Overview of LEAP, page 3-17
•
How LEAP Works, page 3-17
•
Configuring LEAP, page 3-18
•
Overview of PEAP-GTC, page 3-21
•
How PEAP-GTC Works, page 3-22
•
Configuring PEAP-GTC, page 3-23
Overview of EAP-FAST
Note
For additional information about EAP-FAST, see RFC4851.
EAP-FAST is an EAP method that enables secure communication between a client and an authentication
server by using Transport Layer Security (TLS) to establish a mutually authenticated tunnel. Within the
tunnel, data in the form of type, length, and value (TLV) objects are used to send further
authentication-related data between the client and the authentication server.
EAP-FAST supports the TLS extension as defined in RFC 4507 to support the fast re-establishment of
the secure tunnel without having to maintain per-session state on the server. EAP-FAST-based
mechanisms are defined to provision the credentials for the TLS extension. These credentials are called
Protected Access Credentials (PACs).
EAP-FAST provides the following:
•
Mutual authentication
An EAP server must be able to verify the identity and authenticity of the client, and the client must
be able to verify the authenticity of the EAP server.
•
Immunity to passive dictionary attacks