beautypg.com

Scu eap types – Psion Teklogix Vehicle-Mount Computer 8525 G2 User Manual

Page 55

background image

Psion Teklogix 8525 G2/8530 G2 Vehicle-Mount Computer User Manual

31

Chapter 2: Basic Checkout

SCU Security Capabilities

Common EAP types include:

EAP-TLS: Uses the same technology as a follow-on to Secure Socket
Layer (SSL). It provides strong security, but relies on client certificates for
user authentication.

PEAP: Provides secure user authentication by using a TLS tunnel to
encrypt EAP traffic. Two different inner methods are used with PEAP:

EAP-MSCHAPV2, resulting in PEAP-MSCHAP: This is appropriate
for use against Windows Active Directory and domains.

EAP-GTC, resulting in PEAP-GTC: This is for authentication with one-
time passwords (OTPs) against OTP databases such as SecureID.

LEAP: Is an authentication method for use with Cisco WLAN access
points. LEAP does not require the use of server or client certificates. LEAP
supports Windows Active Directory and domains but requires the use of
strong passwords to avoid vulnerability to offline dictionary attacks.

EAP-FAST: Is a successor to LEAP and does not require strong passwords
to protect against offline dictionary attacks. Like LEAP, EAP-FAST does
not require the use of server or client certificates and supports Windows
Active Directory and domains.

Note: PEAP and EAP-TLS require the use of Windows facilities for the configu-

ration of digital certificates.

SCU EAP Types

The following EAP types are supported by the integrated supplicant and can be
configured in SCU: PEAP-MSCHAP, PEAP-GTC, LEAP and EAP-FAST. With
each of these four types, if authentication credentials are not stored in the config,
you will be prompted to enter credentials the first time the radio attempts to
associate to an access point that supports 802.1X (EAP).
Consider the following when configuring one of the EAP types:

PEAP-GTC: SCU supports static (login) passwords only.

LEAP: Strong passwords are recommended.

EAP-FAST: SCU supports automatic, not manual, PAC provisioning.

EAP-TLS will work with a Summit DC-802.11_SC_CF (Model #RA2041) radio
module when Windows Zero Config (WZC) rather than the SCU is used to configure
the type. With WZC, the native Windows supplicant instead of the SCU integrated
supplicant is used.