Appendix D Wireless LANs
AMG1202-T10A User’s Guide
272
EAP-MD5 (Message-Digest Algorithm 5)
MD5 authentication is the simplest one-way authentication method. The authentication server
sends a challenge to the wireless client. The wireless client ‘proves’ that it knows the password by
encrypting the password with the challenge and sends back the information. Password is not sent in
plain text.
However, MD5 authentication has some weaknesses. Since the authentication server needs to get
the plaintext passwords, the passwords must be stored. Thus someone other than the
authentication server may access the password file. In addition, it is possible to impersonate an
authentication server as MD5 authentication method does not perform mutual authentication.
Finally, MD5 authentication method does not support data encryption with dynamic session key. You
must configure WEP encryption keys for data encryption.
EAP-TLS (Transport Layer Security)
With EAP-TLS, digital certifications are needed by both the server and the wireless clients for
mutual authentication. The server presents a certificate to the client. After validating the identity of
the server, the client sends a different certificate to the server. The exchange of certificates is done
in the open before a secured tunnel is created. This makes user identity vulnerable to passive
attacks. A digital certificate is an electronic ID card that authenticates the sender’s identity.
However, to implement EAP-TLS, you need a Certificate Authority (CA) to handle certificates, which
imposes a management overhead.
EAP-TTLS (Tunneled Transport Layer Service)
EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-
side authentications to establish a secure connection. Client authentication is then done by sending
username and password through the secure connection, thus client identity is protected. For client
authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP,
CHAP, MS-CHAP and MS-CHAP v2.
PEAP (Protected EAP)
Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then
use simple username and password methods through the secured connection to authenticate the
clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5,
EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is
implemented only by Cisco.
LEAP
LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x.
Dynamic WEP Key Exchange
The AP maps a unique key that is generated with the RADIUS server. This key expires when the
wireless connection times out, disconnects or reauthentication times out. A new WEP key is
generated each time reauthentication is performed.
Содержание AMG1202-T10A
Страница 2: ......
Страница 6: ...Document Conventions AMG1202 T10A User s Guide 6 Server Firewall Telephone Router Switch ...
Страница 8: ...Safety Warnings AMG1202 T10A User s Guide 8 ...
Страница 10: ...Contents Overview AMG1202 T10A User s Guide 10 ...
Страница 18: ...Table of Contents AMG1202 T10A User s Guide 18 ...
Страница 19: ...19 PART I User s Guide ...
Страница 20: ...20 ...
Страница 26: ...Chapter 1 Introduction AMG1202 T10A User s Guide 26 ...
Страница 32: ...Chapter 2 The Web Configurator AMG1202 T10A User s Guide 32 ...
Страница 36: ...Chapter 3 Status Screens AMG1202 T10A User s Guide 36 ...
Страница 53: ...53 PART II Technical Reference ...
Страница 54: ...54 ...
Страница 84: ...Chapter 6 WAN Setup AMG1202 T10A User s Guide 84 ...
Страница 96: ...Chapter 7 LAN Setup AMG1202 T10A User s Guide 96 ...
Страница 126: ...Chapter 8 Wireless LAN AMG1202 T10A User s Guide 126 ...
Страница 142: ...Chapter 10 Firewall AMG1202 T10A User s Guide 142 ...
Страница 148: ...Chapter 11 Filters AMG1202 T10A User s Guide 148 ...
Страница 152: ...Chapter 12 Static Route AMG1202 T10A User s Guide 152 ...
Страница 158: ...Chapter 13 802 1Q 1P AMG1202 T10A User s Guide 158 ...
Страница 166: ...Chapter 14 Quality of Service QoS AMG1202 T10A User s Guide 166 ...
Страница 202: ...Chapter 19 Logs AMG1202 T10A User s Guide 202 ...
Страница 223: ...Chapter 23 Product Specifications AMG1202 T10A User s Guide 223 ...
Страница 224: ...Chapter 23 Product Specifications AMG1202 T10A User s Guide 224 ...
Страница 264: ...Appendix C Pop up Windows JavaScripts and Java Permissions AMG1202 T10A User s Guide 264 ...
Страница 278: ...Appendix D Wireless LANs AMG1202 T10A User s Guide 278 ...
Страница 286: ...Appendix F Legal Information AMG1202 T10A User s Guide 286 ...
Страница 294: ...Index AMG1202 T10A User s Guide 294 ...
Страница 295: ...Index AMG1202 T10A User s Guide 295 ...
Страница 296: ...Index AMG1202 T10A User s Guide 296 ...