Nortel Networks 2300 Switch User Manual


 
480 Configuring AAA for network users
NN47250-500 (320657-F Version 02.01)
IEEE 802.1X Extensible Authentication Protocol types
Extensible Authentication Protocol (EAP) is a generic point-to-point protocol that supports multiple authentication mechanisms. EAP has been adopted as a standard by the Institute of Electrical and Electronics Engineers (IEEE). IEEE 802.1X is an encapsulated form for carrying authentication messages in a standard message exchange between a user (client) and an authenticator.
Table 1 summarizes the EAP protocols (also called types or methods) supported by WSS Software.
Table 1: EAP Authentication Protocols for local processing

| EAP Type | Description | Use | Considerations |
|---|---|---|---|
| EAP-MD5 (EAP with Message Digest Algorithm 5) | Authentication algorithm that uses a challenge-response mechanism to compare hashes | Wired authentication only (1) | This protocol provides no encryption or key establishment. |
| EAP-TLS (EAP with Transport Layer Security) | Protocol that provides mutual authentication, integrity-protected encryption algorithm negotiation, and key exchange. EAP-TLS provides encryption and data integrity checking for the connection. | Wireless and wired authentication. All authentication is processed on the WSS. | This protocol requires X.509 public key certificates on both sides of the connection. Requires use of local database. Not supported for RADIUS. |
| PEAP-MS-CHAP-V2 (Protected EAP with Microsoft Challenge Handshake Authentication Protocol version 2) | The wireless client authenticates the server (either the WSS or a RADIUS server) using TLS to set up an encrypted session. Mutual authentication is performed by MS-CHAP-V2. | Wireless and wired authentication: The PEAP portion is processed on the WSS. The MS-CHAP-V2 portion is processed on the RADIUS server or locally, depending on the configuration. | Only the server side of the connection requires a certificate. The client needs only a username and password. |

1. EAP-MD5 does not work with Microsoft wired authentication clients.
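The EAP-MD5 entry in Table 1 describes a challenge-response mechanism that compares hashes and establishes no key. The following sketch is an added example, not code from the manual or from WSS Software: it builds and checks the EAP-MD5 Request and Response packets as laid out in RFC 3748, using the CHAP hash from RFC 1994. The function names are hypothetical, and the stored password is assumed to come from the authenticator's local database.

```python
import hashlib
import hmac
import os
import struct

EAP_REQUEST, EAP_RESPONSE, EAP_TYPE_MD5 = 1, 2, 4  # values from RFC 3748

def build_md5_packet(code, identifier, value, name=b""):
    """Code | Identifier | Length | Type | Value-Size | Value | Name."""
    data = bytes([EAP_TYPE_MD5, len(value)]) + value + name
    return struct.pack("!BBH", code, identifier, 4 + len(data)) + data

def parse_md5_packet(packet):
    """Return (code, identifier, value, name); raise ValueError if malformed."""
    if len(packet) < 6:
        raise ValueError("packet too short")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length < 6 or length > len(packet):
        raise ValueError("bad Length field")
    body = packet[4:length]  # octets past Length are padding
    eap_type, value_size = body[0], body[1]
    if eap_type != EAP_TYPE_MD5 or value_size == 0 or 2 + value_size > len(body):
        raise ValueError("not a valid EAP-MD5 packet")
    return code, identifier, body[2:2 + value_size], body[2 + value_size:]

def md5_response(identifier, password, challenge):
    """CHAP hash (RFC 1994): MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()

def authenticator_challenge(identifier):
    """Authenticator side: fresh random challenge plus the Request packet."""
    challenge = os.urandom(16)
    return challenge, build_md5_packet(EAP_REQUEST, identifier, challenge)

def supplicant_respond(request, username, password):
    """Client side: hash the password with the received challenge."""
    code, identifier, challenge, _ = parse_md5_packet(request)
    if code != EAP_REQUEST:
        raise ValueError("expected an EAP Request")
    digest = md5_response(identifier, password, challenge)
    return build_md5_packet(EAP_RESPONSE, identifier, digest, username)

def authenticator_verify(response, identifier, challenge, stored_password):
    """Recompute the hash from the stored password, compare in constant time.
    The only result is accept/reject: no session key is derived."""
    try:
        code, resp_id, value, _ = parse_md5_packet(response)
    except ValueError:
        return False
    if code != EAP_RESPONSE or resp_id != identifier:
        return False
    expected = md5_response(identifier, stored_password, challenge)
    return hmac.compare_digest(expected, value)
```

Both packets travel unencrypted and the exchange ends with a yes/no decision only, which is why the table lists EAP-MD5 as providing no encryption or key establishment.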