Peap (protected eap), Leap, Table 241 comparison of eap authentication types – ZyXEL Communications ZyXEL ZyWALL 35 User Manual

ZyWALL 35 User’s Guide

618

Appendix H Types of EAP Authentication

PEAP (Protected EAP)

Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection,
then use simple username and password methods through the secured connection to
authenticate the clients, thus hiding client identity. However, PEAP only supports EAP
methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card),
for client authentication. EAP-GTC is implemented only by Cisco.

LEAP

LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of
IEEE802.1x.

For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use
dynamic keys for data encryption. They are often deployed in corporate environments, but for
public deployment, a simple user name and password pair is more practical. The following
table is a comparison of the features of five authentication types.

Table 241 Comparison of EAP Authentication Types

EAP-MD5

EAP-TLS

EAP-TTLS

PEAP

LEAP

Mutual Authentication

No

Yes

Yes

Yes

Yes

Certificate – Client

No

Yes

Optional

Optional

No

Certificate – Server

No

Yes

Yes

Yes

No

Dynamic Key Exchange

No

Yes

Yes

Yes

Yes

Credential Integrity

None

Strong

Strong

Strong

Moderate

Deployment Difficulty

Easy

Hard

Moderate

Moderate

Moderate

Client Identity Protection

No

No

Yes

Yes

No