Appendix B Wireless LANs
VMG5313-B10A/-B30A Series User’s Guide
367
shared key, password information exchanged is also encrypted to protect the network from
unauthorized access.
Types of EAP Authentication
This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and
LEAP. Your wireless LAN device may not support all authentication types.
EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE
802.1x transport mechanism in order to support multiple types of user authentication. By using EAP
to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a
RADIUS server perform authentication.
The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that
supports IEEE 802.1x.
For EAP-TLS authentication type, you must first have a wired connection to the network and obtain
the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used
to authenticate users and a CA issues certificates and guarantees the identity of each certificate
owner.
EAP-MD5 (Message-Digest Algorithm 5)
MD5 authentication is the simplest one-way authentication method. The authentication server
sends a challenge to the wireless client. The wireless client ‘proves’ that it knows the password by
encrypting the password with the challenge and sends back the information. Password is not sent in
plain text.
However, MD5 authentication has some weaknesses. Since the authentication server needs to get
the plaintext passwords, the passwords must be stored. Thus someone other than the
authentication server may access the password file. In addition, it is possible to impersonate an
authentication server as MD5 authentication method does not perform mutual authentication.
Finally, MD5 authentication method does not support data encryption with dynamic session key. You
must configure WEP encryption keys for data encryption.
EAP-TLS (Transport Layer Security)
With EAP-TLS, digital certifications are needed by both the server and the wireless clients for
mutual authentication. The server presents a certificate to the client. After validating the identity of
the server, the client sends a different certificate to the server. The exchange of certificates is done
in the open before a secured tunnel is created. This makes user identity vulnerable to passive
attacks. A digital certificate is an electronic ID card that authenticates the sender’s identity.
However, to implement EAP-TLS, you need a Certificate Authority (CA) to handle certificates, which
imposes a management overhead.
EAP-TTLS (Tunneled Transport Layer Service)
EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-
side authentications to establish a secure connection. Client authentication is then done by sending
username and password through the secure connection, thus client identity is protected. For client
authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP,
CHAP, MS-CHAP and MS-CHAP v2.
Содержание VMG5313-B10A
Страница 15: ...15 PART I User s Guide ...
Страница 16: ...16 ...
Страница 32: ...Chapter 2 The Web Configurator VMG5313 B10A B30A Series User s Guide 32 ...
Страница 40: ...Chapter 4 Tutorials VMG5313 B10A B30A Series User s Guide 40 ...
Страница 71: ...71 PART II Technical Reference ...
Страница 72: ...72 ...
Страница 78: ...Chapter 5 Network Map and Status Screens VMG5313 B10A B30A Series User s Guide 78 ...
Страница 106: ...Chapter 6 Broadband VMG5313 B10A B30A Series User s Guide 106 ...
Страница 162: ...Chapter 9 Routing VMG5313 B10A B30A Series User s Guide 162 ...
Страница 180: ...Chapter 10 Quality of Service QoS VMG5313 B10A B30A Series User s Guide 180 ...
Страница 198: ...Chapter 11 Network Address Translation NAT VMG5313 B10A B30A Series User s Guide 198 ...
Страница 210: ...Chapter 14 Interface Group VMG5313 B10A B30A Series User s Guide 210 ...
Страница 218: ...Chapter 15 USB Service VMG5313 B10A B30A Series User s Guide 218 ...
Страница 232: ...Chapter 17 Firewall VMG5313 B10A B30A Series User s Guide 232 ...
Страница 240: ...Chapter 19 Parental Control VMG5313 B10A B30A Series User s Guide 240 ...
Страница 250: ...Chapter 21 Certificates VMG5313 B10A B30A Series User s Guide 250 ...
Страница 296: ...Chapter 23 Voice VMG5313 B10A B30A Series User s Guide 296 ...
Страница 300: ...Chapter 24 Log VMG5313 B10A B30A Series User s Guide 300 ...
Страница 308: ...Chapter 27 xDSL Statistics VMG5313 B10A B30A Series User s Guide 308 ...
Страница 318: ...Chapter 30 Remote Management VMG5313 B10A B30A Series User s Guide 318 ...
Страница 322: ...Chapter 32 TR 064 VMG5313 B10A B30A Series User s Guide 322 ...
Страница 332: ...Chapter 36 Log Setting VMG5313 B10A B30A Series User s Guide 332 ...
Страница 335: ...Chapter 37 Firmware Upgrade VMG5313 B10A B30A Series User s Guide 335 Figure 176 Error Message ...
Страница 336: ...Chapter 37 Firmware Upgrade VMG5313 B10A B30A Series User s Guide 336 ...
Страница 352: ...Chapter 40 Troubleshooting VMG5313 B10A B30A Series User s Guide 352 ...
Страница 353: ...353 PART III Appendices Appendices contain general information Some information may not apply to your device ...
Страница 354: ...354 ...
Страница 374: ...Appendix B Wireless LANs VMG5313 B10A B30A Series User s Guide 374 ...
Страница 390: ...Appendix E Legal Information VMG5313 B10A B30A Series User s Guide 390 ...