2 eap termination mode – QTECH QSW-3400 Инструкция по настройке User Manual

+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1

328

safely encrypted tunnel established via the certificate of the authentication server. Any kind of

authentication request including EAP, PAP and MS-CHAPV2 can be transmitted within TTLS

tunnels.

4. PEAP Authentication Method

EAP-PEAP is brought up by Cisco, Microsoft and RAS Security as a recommended open

standard. It has long been utilized in products and provides very good security. Its design of

protocol and security is similar to that of EAP-

TTLS, using a server’s PKI certificate to

establish a safe TLS tunnel in order to protect user authentication.

The following figure illustrates the basic operation flow of PEAP authentication method.

the Authentication Flow of 802.1x PEAP

40.1.5.2 EAP Termination Mode

In this mode, EAP messages will be terminated in the access control unit and mapped into

RADIUS messages, which is used to implement the authentication, authorization and fee-

counting. The basic operation flow is illustrated in the next figure.

In EAP termination mode, the access control unit and the RADIUS server can use PAP or

CHAP authentication method. The following figure will demonstrate the basic operation flow