SMC Networks SMCWUSBS-N User Manual

Page 31

Advertising
background image

Wireless Utility Configuration

3-7

network access control that uses a RADIUS server on the local network for user
authentication. The 802.1X standard uses the Extensible Authentication Protocol
(EAP) to pass user credentials (either digital certificates, usernames and
passwords, or other) from the client to the RADIUS server.

Figure 3-6. Profile - 802.1X

EAP Method – Select an 802.1X authentication method.

- PEAP – Protected Extensible Authentication Protocol. PEAP transport securely

sends authentication data by using tunneling between PEAP clients and an
authentication server. PEAP can authenticate wireless LAN clients using only
server-side certificates, thus simplifying the implementation and administration
of a secure wireless LAN.

- TLS / Smart Card – Transport Layer Security. Provides for certificate-based and

mutual authentication of the client and the network. It relies on client-side and
server-side certificates to perform authentication and can be used to dynamically
generate user-based and session-based WEP keys to secure subsequent
communications between the WLAN client and the access point.

- TTLS – Tunneled Transport Layer Security. This security method provides for

certificate-based, mutual authentication of the client and network through an
encrypted channel. Unlike EAP-TLS, EAP-TTLS requires only server-side
certificates.

- EAP-Fast – Flexible Authentication via Secure Tunneling. An authentication

method developed by Cisco. Instead of using a certificate, mutual authentication
is achieved by means of a PAC (Protected Access Credential) which can be
managed dynamically by the authentication server. The PAC can be provisioned
(distributed one time) to the client either manually or automatically. Manual
provisioning is delivery to the client via disk or a secured network distribution
method. Automatic provisioning is an in-band, over the air, distribution. For
tunnel authentication, only "Generic Token Card" authentication is supported
currently.

- MD5-Challenge – Message Digest Challenge. MD5 is an EAP authentication

type that provides base-level EAP support. It provides for only one-way
authentication - there is no mutual authentication of wireless client and the
network.

Advertising
Popular Brands
Popular manuals