AP-5131 Access Point Product Reference Guide
6-64
Default
Authentication
Type
Specify a PEAP and/or TTLS Authentication Type for EAP to use
from the drop-down menu to the right of each checkbox item.
PEAP options include:
•GTC - EAP Generic Token Card (GTC) is a challenge
handshake authentication protocol using a hardware token
card to provide the response string.
MSCHAP-V2 - Microsoft CHAP (MSCHAP-V2) is an encrypted
authentication method based on Microsoft's challenge/
response authentication protocol.
TTLS options include:
•PAP - Password Authentication Protocol sends a username
and password over a network to a server that compares the
username and password to a table of authorized users. If the
username and password are matched in the table, server
access is authorized. WatchGuard products do not support
the PAP protocol because the username and password are
sent as clear text that a hacker can read.
MD5 - This option enables the MD5 algorithm for data verification. MD5 takes as input a message of arbitrary length and produces a 128- bit fingerprint. The MD5 algorithm is intended for digital signature applications, in which a large file must be compressed in a secure manner before being encrypted with a private (secret) key under a public-key cryptographic system.
MSCHAP-V2 - Microsoft CHAP (MSCHAP-V2) is an encrypted
authentication method based on Microsoft's challenge/
response authentication protocol.
Server Certificate If you have a server certificate from a CA and wish to use it on the
Radius server, select it from the drop-down menu. Only certificates
imported to the AP-5131 are available in the menu.For information
on creating a certificate, see Creating Self Certificates for
Accessing the VPN on page 4-10.
CA Certificate You can also choose an imported CA Certificate to use on the
Radius server. If using a server certificate signed by a CA, import
that CA's root certificate using the CA certificates screen (for
information, see Importing a CA Certificate on page 4-9). After a
valid CA certificate has been imported, it is available from the CA
Certificate drop-down menu.