PLANET WGSW-52040 User Manual

Figure 42-9: the Authentication Flow of 802.1x EAP-MD5

2. EAP-TLS Authentication Method

EAP-TLS is brought up by Microsoft based on EAP and TLS protocols. It uses PKI to protect

the id authentication between the supplicant system and the RADIUS server and the

dynamically generated session keys, requiring both the supplicant system and the Radius

authentication server to possess digital certificate to implement bidirectional authentication. It

is the earliest EAP authentication method used in wireless LAN. Since every user should have

a digital certificate, this method is rarely used practically considering the difficult maintenance.

However it is still one of the safest EAP standards, and enjoys prevailing supports from the

vendors of wireless LAN hardware and software.

The following figure illustrates the basic operation flow of the EAP-TLS authentication method.

42-143