PLANET WGSW-50040 User Manual

25-8

Figure

25-9 the Authentication Flow of 802.1x EAP-MD5

2. EAP-TLS Authentication Method

EAP-TLS is brought up by Microsoft based on EAP and TLS protocols. It uses PKI to protect the id

authentication between the supplicant system and the RADIUS server and the dynamically generated session

keys, requiring both the supplicant system and the Radius authentication server to possess digital certificate

to implement bidirectional authentication. It is the earliest EAP authentication method used in wireless LAN.

Since every user should have a digital certificate, this method is rarely used practically considering the difficult

maintenance. However it is still one of the safest EAP standards, and enjoys prevailing supports from the

vendors of wireless LAN hardware and software.

The following figure illustrates the basic operation flow of the EAP-TLS authentication method.