Client certification – 802.1x, Client, Certification – 802.1x – AirLive WN-301USB User Manual

25

WN-301USB User’s Manual

2.6. Client Certification – 802.1x

EAP Method:

The EAP authentication protocols supported by this adapter require that settings be consistent with the

wireless access points or routers that the adapter is intended to connect.

• PEAP & TTLS: These protocols are similar and easier to use than TLS in that they specify a

stand-alone authentication protocol to be used within an encrypted tunnel. TTLS supports any

protocol .within its tunnel, including CHAP, MS-CHAP, MS-CHAPv2, PAP and EAP-MD5. PEAP

specifies that an EAP-compliant authentication protocol be used; this adapter supports EAP-MSCHAP

v2, EAP-TLS/ Smart Card and Generic Token Card. The client certificate is optional.

• TLS/Smart Card: This is the most secure of the EAP protocols, but .isn’t easy to use: It requires that

digital certificates be exchanged in the authentication phase. The server presents a certificate to the

client and, after validating the server’s certificate, the client presents a client certificate to the server for

validation.

Session Resumption:

Click/check the box to activate or de-activate.

ID/Password:

Enter the password as the identity for the server.

Client Certification:

A client certificate is required for TLS, but is optional for TTLS and PEAP. This forces a client certificate

to be selected from the appropriate Windows Certificate Store and made available to the RADIUS

server for certification.

Tunneled Authentication/Protocol:

When the authentication type is PEAP or TTLS, select a protocol for building the encrypted tunnel.

Tunnel Authentication:

Select one of three options from the drop- down menu: “EAP-MSCHAPv2,” “EAP-TLS/Smart card” or

“Generic Token Card.”