PLANET XGS3-24040 User Manual

Chapter 47 802.1x Configuration

47-9

The following figure illustrates the basic operation flow of the EAP-TLS authentication method.

Figure

2-10 the Authentication Flow of 802.1x EAP-TLS

3. EAP-TTLS Authentication Method

EAP-TTLS is a product of the cooperation of Funk Software and Certicom. It can provide an authentication as

strong as that provided by EAP-TLS, but without requiring users to have their own digital certificate. The only

request is that the Radius server should have a digital certificate. The authentication of users’ identity is

implemented with passwords transmitted in a safely encrypted tunnel established via the certificate of the

authentication server. Any kind of authentication request including EAP, PAP and MS-CHAPV2 can be

transmitted within TTLS tunnels.

4. PEAP Authentication Method

EAP-PEAP is brought up by Cisco, Microsoft and RAS Security as a recommended open standard. It has long

been utilized in products and provides very good security. Its design of protocol and security is similar to that

of EAP-TTLS, using a server’s PKI certificate to establish a safe TLS tunnel in order to protect user

authentication.