193 | 802.1X Authentication Dell PowerConnect W-Series ArubaOS 6.2 | User Guide
Supported EAP Types
The following is the list of supported EAP types.
• PEAP—Protected EAP (PEAP) is an 802.1X authentication method that uses server-side public key certificates
to authenticate clients with the server. PEAP authentication creates an encrypted SSL/TLS tunnel between the
client and the authentication server. The exchange of information is encrypted and stored in the tunnel, ensuring
the user credentials are kept secure.
• EAP-GTC—The EAP-GTC (Generic Token Card) type uses a clear text method to exchange authentication
controls between client and server. Since the authentication mechanism uses the one-time tokens (generated by
the card), this method of credential exchange is considered safe. In addition, EAP-GTC is used in PEAP or
TTLS tunnels in wireless environments. The EAP-GTC is described in RFC 2284.
• EAP-AKA—The EAP-AKA (Authentication and Key Agreement) authentication mechanism is typically used in
mobile networks that include Universal Mobile Telecommunication Systems (UMTS) and CDMA 2000. This
method uses the information stored in the Subscriber Identity Module (SIM) for authentication. The EAP-AKA
is described in RFC 4187.
• EAP-FAST—The EAP-FAST (Flexible Authentication via Secure Tunneling) is an alternative authentication
method to PEAP. This method uses the Protected Access Credential (PAC) for verifying clients on the network.
The EAP-FAST is described in RFC 4851.
• EAP-MD5—The EAP-MD5 method verifies the MD5 hash of a user password for authentication. This method is
commonly used in a trusted network. The EAP-MD5 is described in RFC 2284.
• EAP-POTP—The EAP type 32 is supported. Complete details are described in RFC 4793.
• EAP-SIM—The EAP-SIM (Subscriber Identity Module) uses Global System for Mobile Communication (GSM)
Subscriber Identity Module (SIM) for authentication and session key distribution. This authentication
mechanism includes network authentication, user anonymity support, result indication, and a fast re-authentication
procedure. Complete details about this authentication mechanism are described in RFC 4186.
• EAP-TLS—The EAP-TLS (Transport Layer Security) uses Public Key Infrastructure (PKI) to set up
authentication with a RADIUS server or any authentication server. This method requires the use of a client-side
certificate for communicating with the authentication server. The EAP-TLS is described in RFC 5216.
• EAP-TLV - The EAP-TLV (type-length-value) method allows you to add additional information in an EAP
message. Often this method is used to provide more information about an EAP message, for example, status
information or authorization data. This method is always used after a typical EAP authentication process.
• EAP-TTLS—The EAP-TTLS (Tunneled Transport Layer Security) method uses server-side certificates to set up
authentication between clients and servers. The actual authentication is, however, performed using passwords.
Complete details about EAP-TTLS are described in RFC 5281.
• LEAP—Lightweight Extensible Authentication Protocol (LEAP) uses dynamic WEP keys and mutual
authentication between client and RADIUS server.
• ZLXEAP—This is Zonelabs EAP. For more information, visit
http://tools.ietf.org/html/draft-bersani-eap-synthesis-sharedkeymethods-00#page-30.
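
The EAP-MD5 entry in the list above, worked as an added example (not taken from this guide or from ArubaOS): how an authentication server checks an MD5-Challenge response using the CHAP-style computation, MD5 over the identifier, the password and the challenge. The packets, password and peer names are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

EAP_REQUEST, EAP_RESPONSE = 1, 2
EAP_TYPE_MD5 = 4  # EAP method type number for MD5-Challenge


def build_md5_packet(code, identifier, value, name=b""):
    """Encode Code | Identifier | Length | Type | Value-Size | Value | Name."""
    body = bytes([EAP_TYPE_MD5, len(value)]) + value + name
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def parse_md5_packet(packet):
    """Return (code, identifier, value), rejecting malformed lengths."""
    if len(packet) < 6:
        raise ValueError("truncated EAP packet")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or packet[4] != EAP_TYPE_MD5:
        raise ValueError("bad length or not an MD5-Challenge packet")
    size = packet[5]
    if size == 0 or 6 + size > length:
        raise ValueError("Value-Size exceeds packet")
    return code, identifier, packet[6:6 + size]


def expected_response(identifier, password, challenge):
    """MD5 over Identifier || password || challenge, as in CHAP."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


def verify(request, response, password):
    """Server-side check of a Response against the Request it issued."""
    req_code, req_id, challenge = parse_md5_packet(request)
    rsp_code, rsp_id, value = parse_md5_packet(response)
    if (req_code, rsp_code) != (EAP_REQUEST, EAP_RESPONSE) or req_id != rsp_id:
        return False
    # Constant-time comparison of the received and recomputed digests.
    return hmac.compare_digest(value, expected_response(req_id, password, challenge))


# Constructed sample exchange (not captured traffic).
CHALLENGE = bytes(range(16))
REQUEST = build_md5_packet(EAP_REQUEST, 0x2A, CHALLENGE, b"radius.example")
RESPONSE = build_md5_packet(
    EAP_RESPONSE, 0x2A, expected_response(0x2A, b"correct horse", CHALLENGE), b"alice")
```

The exchange authenticates only the client and derives no session keys, which is consistent with the guide restricting EAP-MD5 to trusted networks.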
Configuring Authentication with a RADIUS Server
See Table 61 for an overview of the parameters that you need to configure on authentication components when the
authentication server is an 802.1X EAP-compliant RADIUS server.