Brocade Mobility 7131N-FGR Access Point Product Reference Guide (Supporting software release 4.0.0.0-35GRN and later) User Manual


53-1001947-01

Configuring user authentication


3. Use the TTLS/PEAP Configuration field to specify the Radius Server default EAP type, EAP
authentication type and a Server or CA certificate (if used).

EAP Type

Use the EAP Type checkboxes to enable the default EAP type(s) for
the Radius server. Options include:

PEAP - Select the PEAP checkbox to enable both PEAP types
(GTC and MSCHAP-V2) available to the access point. PEAP
uses a TLS layer on top of EAP as a carrier for other EAP
modules. PEAP is an ideal choice for networks using legacy
EAP authentication methods.

TTLS - Select the TTLS checkbox to enable all three TTLS
types (MD5, PAP and MSCHAP-V2) available to the access
point. TTLS is similar to EAP-TLS, but the client authentication
portion of the protocol is not performed until after a secure
transport tunnel is established. This allows EAP-TTLS to
protect legacy authentication methods used by some RADIUS
servers.

TLS - The TLS checkbox is selected but disabled by default
and resides in the background, as it does not contain
user-configurable parameters.

Default Authentication Type

Specify a PEAP and/or TTLS Authentication Type for EAP to use
from the drop-down menu to the right of each checkbox item. PEAP
options include:

GTC - EAP Generic Token Card (GTC) is a challenge
handshake authentication protocol using a hardware token
card to provide the response string.

MSCHAP-V2 - Microsoft CHAP (MSCHAP-V2) is an encrypted
authentication method based on Microsoft's
challenge/response authentication protocol.

TTLS options include:

PAP - Password Authentication Protocol sends a username
and password over a network to a server that compares the
username and password to a table of authorized users. If the
username and password are matched in the table, server
access is authorized. WatchGuard products do not support
the PAP protocol because the username and password are
sent as clear text that a hacker can read.

MD5 - This option enables the MD5 algorithm for data
verification. MD5 takes as input a message of arbitrary
length and produces a 128-bit fingerprint. The MD5
algorithm is intended for digital signature applications, in
which a large file must be compressed in a secure manner
before being encrypted with a private (secret) key under a
public-key cryptographic system.

MSCHAP-V2 - Microsoft CHAP (MSCHAP-V2) is an encrypted
authentication method based on Microsoft's
challenge/response authentication protocol.
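
The difference between the PAP and MD5 options above, shown as an added example that is not part of the Brocade guide or the access point's own code. It assumes the TTLS MD5 option behaves like the CHAP-style MD5-Challenge of RFC 1994 (MD5 over identifier, secret and challenge); the user table and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample user table (hypothetical values, not from the manual).
USERS = {"alice": b"correct horse"}

def pap_request(username, password):
    """PAP: the password itself is the payload the server receives."""
    return {"user": username, "password": password}

def pap_verify(msg):
    """Server compares the received username/password to its user table."""
    stored = USERS.get(msg["user"])
    return stored is not None and hmac.compare_digest(stored, msg["password"])

def md5_challenge():
    """Server picks a one-byte identifier and a fresh random challenge."""
    return os.urandom(1)[0], os.urandom(16)

def md5_response(ident, password, challenge):
    """Client answer per RFC 1994: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

def md5_verify(user, ident, challenge, response):
    """Server recomputes the digest from its stored secret and compares."""
    stored = USERS.get(user)
    if stored is None:
        return False
    expected = md5_response(ident, stored, challenge)
    return hmac.compare_digest(expected, response)

def password_on_wire(payload, password):
    """True if the secret appears verbatim in what the client transmitted."""
    return password in payload

if __name__ == "__main__":
    pw = USERS["alice"]
    pap = pap_request("alice", pw)
    print("PAP accepted:", pap_verify(pap),
          "| password sent verbatim:", password_on_wire(pap["password"], pw))
    ident, chal = md5_challenge()
    resp = md5_response(ident, pw, chal)
    print("MD5 accepted:", md5_verify("alice", ident, chal, resp),
          "| password sent verbatim:", password_on_wire(resp, pw))
    # A response bound to one challenge does not verify against another.
    print("old response, new challenge:",
          md5_verify("alice", ident, os.urandom(16), resp))
```

With either option selected, the exchange still depends on the TTLS tunnel described above for confidentiality; the digest form only keeps the password itself out of the inner message.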
