![ZyXEL Communications NXC-8160 Скачать руководство пользователя страница 186](http://html1.mh-extra.com/html/zyxel-communications/nxc-8160/nxc-8160_user-manual_943643186.webp)
Appendix E Wireless LANs
NXC-8160 User’s Guide
186
For EAP-TLS authentication type, you must first have a wired connection to the network and
obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs)
can be used to authenticate users and a CA issues certificates and guarantees the identity of
each certificate owner.
EAP-MD5 (Message-Digest Algorithm 5)
MD5 authentication is the simplest one-way authentication method. The authentication server
sends a challenge to the wireless client. The wireless client ‘proves’ that it knows the password
by encrypting the password with the challenge and sends back the information. Password is
not sent in plain text.
However, MD5 authentication has some weaknesses. Since the authentication server needs to
get the plaintext passwords, the passwords must be stored. Thus someone other than the
authentication server may access the password file. In addition, it is possible to impersonate an
authentication server as MD5 authentication method does not perform mutual authentication.
Finally, MD5 authentication method does not support data encryption with dynamic session
key. You must configure WEP encryption keys for data encryption.
EAP-TLS (Transport Layer Security)
With EAP-TLS, digital certifications are needed by both the server and the wireless clients for
mutual authentication. The server presents a certificate to the client. After validating the
identity of the server, the client sends a different certificate to the server. The exchange of
certificates is done in the open before a secured tunnel is created. This makes user identity
vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the
sender’s identity. However, to implement EAP-TLS, you need a Certificate Authority (CA) to
handle certificates, which imposes a management overhead.
EAP-TTLS (Tunneled Transport Layer Service)
EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the
server-side authentications to establish a secure connection. Client authentication is then done
by sending username and password through the secure connection, thus client identity is
protected. For client authentication, EAP-TTLS supports EAP methods and legacy
authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2.
PEAP (Protected EAP)
Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection,
then use simple username and password methods through the secured connection to
authenticate the clients, thus hiding client identity. However, PEAP only supports EAP
methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card),
for client authentication. EAP-GTC is implemented only by Cisco.
LEAP
LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE
802.1x.
Содержание NXC-8160
Страница 1: ...www zyxel com NXC 8160 Business WLAN Controller User s Guide Version 1 0 12 2008 Edition 2...
Страница 2: ......
Страница 8: ...Safety Warnings NXC 8160 User s Guide 8...
Страница 10: ...Contents Overview NXC 8160 User s Guide 10...
Страница 21: ...21 PART I Introduction Getting to Know Your NXC 8160 23 Introducing the Web Configurator 27...
Страница 22: ...22...
Страница 32: ...Chapter 2 Introducing the Web Configurator NXC 8160 User s Guide 32...
Страница 34: ...34...
Страница 64: ...64...
Страница 74: ...74...
Страница 100: ...Chapter 8 Events Reports NXC 8160 User s Guide 100...
Страница 101: ...101 PART V Troubleshooting and Specifications Troubleshooting 103 Product Specifications 107...
Страница 102: ...102...
Страница 110: ...Chapter 10 Product Specifications NXC 8160 User s Guide 110...
Страница 112: ...112...
Страница 136: ...Appendix A Setting Up Your Computer s IP Address NWD271N User s Guide 136...
Страница 160: ...Appendix B Importing Certificates Document Title 160...
Страница 178: ...Appendix D Pop up Windows JavaScripts and Java Permissions NXC 8160 User s Guide 178...
Страница 196: ...Appendix F Legal Information NXC 8160 User s Guide 196...
Страница 202: ...Appendix G Customer Support NXC 8160 User s Guide 202...