Filter
Top Products
193 | 802.1XAuthentication DellPowerConnectW-SeriesArubaOS6.2 | User Guide
Supported EAP Types
The following is the list of supported EAP types.
l PEAP—Protected EAP (PEAP) is an 802.1X authentication method that uses server-side public key certificates
to authenticate clients with server. The PEAP authentication creates an encrypted SSL / TLS tunnel between the
client and the authentication server. The exchange of information is encrypted and stored in the tunnel ensuring
the user credentials are kept secure.
l EAP-GTC—The EAP-GTC (Generic Token Card) type uses clear text method to exchange authentication
controls between client and server. Since the authentication mechanism uses the one-time tokens (generated by
the card), this method of credential exchange is considered safe. In addition, EAP-GTC is used in PEAP or
TTLS tunnels in wireless environments. The EAP-GTC is described in RFC 2284.
l EAP-AKA—The EAP-AKA (Authentication and Key Agreement) authentication mechanism is typically used in
mobile networks that include Universal Mobile Telecommunication Systems (UMTS) and CDMA 2000. This
method uses the information stored in the Subscriber Identity Module (SIM) for authentication. The EAP-AKA
is described in RFC 4187.
l EAP-FAST—The EAP-FAST (Flexible Authentication via Secure Tunneling) is an alternative authentication
method to PEAP. This method uses the Protected Access Credential (PAC) for verifying clients on the network.
The EAP-FAST is described in RFC 4851.
l EAP-MD5—The EAP-MD5 method verifies MD5 hash of a user password for authentication. This method is
commonly used in a trusted network. The EAP-MD5 is described in RFC 2284.
l EAP-POTP—The EAP type 32 is supported. Complete details are described in RFC 4793.
l EAP-SIM—The EAP-SIM (Subscriber Identity Module) uses Global System for Mobile Communication (GSM)
Subscriber Identity Module (SIM) for authentication and session key distribution. This authentication
mechanism includes network authentication, user anonymity support, result indication, and fast re-authentication
procedure. Complete details about this authentication mechanism is described in RFC 4186.
l EAP-TLS—The EAP-TLS (Transport Layer Security) uses Public key Infrastructure (PKI) to set up
authentication with a RADIUS server or any authentication server. This method requires the use of a client-side
certificate for communicating with the authentication server. The EAP-TLS is described in RFC 5216.
l EAP-TLV- The EAP-TLV (type-length-value) method allows you to add additional information in an EAP
message. Often this method is used to provide more information about a EAP message. For example, status
information or authorization data. This method is always used after a typical EAP authentication process.
l EAP-TTLS—The EAP-TTLS (Tunneled Transport Layer Security) method uses server-side certificates to set up
authentication between clients and servers. The actually authentication is, however, performed using passwords.
Complete details about EAP-TTLS is described in RFC 5281.
l LEAP—Lightweight Extensible Authentication Protocol (LEAP) uses dynamic WEP keys and mutual
authentication between client and RADIUS server.
l ZLXEAP—This is Zonelabs EAP. For more information, visit http: //tools.ietf.org/html/draft-bersani-eap-
synthesis-sharedkeymethods-00#page-30.
Configuring Authentication with a RADIUS Server
See Table 61 for an overview of the parameters that you need to configure on authentication components when the
authentication server is an 802.1X EAP-compliant RADIUS server.