Administrator Guide
Dell Networking W-ClearPass Deployment Guide 802.1X EAP-PEAP Reference | 191
Appendix A
802.1X EAP-PEAP Reference
This chapter includes the following information:
l A Tour of the EAP-PEAP-MSCHAPv2 Ladder
A Tour of the EAP-PEAP-MSCHAPv2 Ladder
This section contains the following information:
l About EAP-PEAP MSCHAPv2
l EAP-PEAP MSCHAPv2 Handshake Exchange Summary
About EAP-PEAP MSCHAPv2
The authenticated wireless access design based on Protected Extensible Authentication Protocol Microsoft
Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAPv2) utilizes the user account
credentials (user name and password) stored in Active Directory Domain Services to authenticate wireless
access clients, instead of using smart cards or user and computer certificates for client authentication.
EAP-PEAP MSCHAPv2 Handshake Exchange Summary
Table 39 describes how a typical 802.1X authentication session flows when using W-ClearPass as the
authentication server with Microsoft Active Directory as the back-end user identity repository.
l The term supplicant refers to a client device, such as a laptop, tablet, or mobile phone requesting access to
a network.
l The term authenticator refers to a network device, such as an Dell Mobility Controller or an Instant
Access Point (AP), which controls access to a network resource.
l The term authentication server refers to the W-ClearPass Policy Manager server, which processes the
authentication requests and provides either an accept or reject response.
Each section of Table 39 is followed by a diagram that illustrates the communication steps between the devices
described in the table. The numbers of each step in the table correspond to the numbers assigned to the
handshake sequences in the accompanying illustrations.