Filter
Top Products
Appendix B - Wireless Technology
166
MVP-8400i 8.4" Modero® ViewPoint® Touch Panel with Intercom
EAP Authentication
EAP (Extensible Authentication Protocol) is an Enterprise authentication protocol that can be used in both a wired and
wireless network environment. EAP requires the use of an 802.1x Authentication Server, also known as a Radius server.
Although there are currently over 40 different EAP methods defined, the current internal Modero 802.11g wireless card
and accompanying firmware only support the following EAP methods (listed from simplest to most complex):
EAP-LEAP (Cisco Light EAP)
EAP-FAST (Cisco Flexible Authentication via Secure Tunneling, a.k.a. LEAPv2)
The following use certificates:
EAP-PEAP (Protected EAP)
EAP-TTLS (Tunneled Transport Layer Security)
EAP-TLS (Transport Layer Security)
EAP requires the use of an 802.1x authentication server (also known as a Radius server). Sophisticated Access Points
(such as Cisco) can use a built-in Radius server. The most common RADIUS servers used in wireless networks today
are:
Microsoft Sever 2003
Juniper Odyssey (once called Funk Odyssey)
Meetinghouse AEGIS Server
DeviceScape RADIUS Server
Cisco Secure ACS
EAP characteristics
The following table outlines the differences among the various EAP Methods from most secure (at the top) to the least
secure (at the bottom of the list):
EAP communication overview
EAP Authentication goes a step beyond just encrypting data transfers, but also requires that a set of credentials be
validated before the client (panel) is allowed to connect to the rest of the network (
FIG. 77). Below is a description of
this process. It is important to note that there is no user intervention necessary during this process. It proceeds
automatically based on the configuration parameters entered into the panel.
EAP Method Characteristics
Method: Credential Type: Authentication: Pros: Cons:
EAP-TLS • Certificates • Certificate is based on
a
two-way authentication
• Highest
Security
• Difficult to
deploy
EAP-TTLS • Certificates
• Fixed Passwords
• One-time
passwords
(tokens)
• Client authentication is
done via password and
certificates
• Server authentication
is done via certificates
• High
Security
• Moderately
difficult to
deploy
EAP-PEAP • Certificates
• Fixed Passwords
• One-time
passwords
(tokens)
• Client authentication is
done via password and
certificates
• Server authentication
is done via certificates
• High
Security
• Moderately
difficult to
deploy
EAP-LEAP • Certificates
• Fixed Passwords
• One-time
passwords
(tokens)
• Authentication is
based on MS-CHAP
and
MS-CHAPv2
authentication
protocols
• Easy
deployment
• Susceptible
to
dictionary
attacks
EAP-FAST • Certificates
• Fixed Passwords
• One-time
passwords
(tokens)
•N/A •N/A •N/A