Manualshelf

WESM zl Management and Configuration Guide WT.01.28 and greater

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
41424344454647484950
1-30
Introduction
ProCurve Wireless Edge Services zl Module
EAP Methods. This section gives a brief overview of common EAP methods so
that you can choose the method best for your environment.
EAP-TLS uses digital certificates and an automatic TLS handshake to authenticate
both stations and servers. This method requires a full public key infrastructure (PKI).
EAP-TTLS and PEAP support wireless stations that do not use digital certificates.
These EAP methods use the TLS handshake to create a secure tunnel over which the
station can authenticate itself with another, less secure method. This inner method
typically involves sending a username and password.
Wireless phones can use EAP-SIM to authenticate, automatically sending infor-
mation stored on a smartcard rather than relying on a user to enter login credentials.
EAP-GTC is an early EAP method that requires users to enter information, usually
read from a token card. Sometimes, however, the user simply enters a password.
Table 1-1 compares EAP methods and the support that the Wireless Edge Services
zl Module provides for them.
Table 1-1. EAP Methods and the Wireless Edge Services zl Module
EAP authentication also requires that the RADIUS server authenticate itself to
wireless stations with a server certificate. For more information about how the
Wireless Edge Services zl Module uses and acquires certificates, see “PKI and Digital
Certificates” on page 1-42.
EAP Type Requirement Module Support
EAP-TLS digital certificate on both the server and the
wireless stations
authenticator or the authentication server
EAP-TTLS with PAP or
MD6
digital certificate on the server
user-entered name and password
the authenticator or the authentication
server
PEAP MS-CHAP v2 digital certificate on the server
user-entered name and password
the authenticator or the authentication
server
EAP-SIM Global System for Mobile communications
(GSM) smartcard on the wireless station
(phone)
the authenticator
EAP-GTC user-entered token card information or
password
the authenticator