ZyXEL Communications ZyXEL ZyAIR B-1000 User Manual

ZyAIR Access Point Series User’s Guide

F-2

Types of EAP Authentication

hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5 and EAP-
MSCHAPv2, for client authentication.

For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys
for data encryption. They are often deployed in corporate environments, but for public deployment, simple
user name and password pair is more practical. The following table is a comparison of the features of four
authentication types.

Comparison of EAP Authentication Types

EAP-MD5

EAP-TLS

EAP-TTLS

PEAP

Mutual
Authentication

No Yes Yes Yes

Certificate – Client

No Yes

Optional

Optional

Certificate – Server

No Yes Yes Yes

Dynamic Key
Exchange

No Yes Yes Yes

Credential Security

None Strong Strong Strong

Deployment
Difficulty

Easy Hard

Moderate

Moderate

Wireless Security

Poor Best Good Good

Client Identity
Protection

No No Yes Yes