Technical data

166 Meru System Director Configuration Guide © 2012 Meru Networks, Inc.
802.1X Authentication
EAP-TLS
EAP-TLS (Transport Layer Security) provides certificate-based mutual authentication
between the client and the network. It relies on client and server certificates to
provide authentication and can be used to dynamically generate user-based and
session-based encryption keys to secure subsequent communications between the
WLAN client and the access point. This type of authentication mechanism requires
the administrator to install a Certificate Server to store and distribute user and
computer certificates. Each client will need the certificate to be downloaded and
installed on the wireless client before attempting to use the WLAN. For a large WLAN
installation, this can be a cumbersome task.
EAP-TTLS (Tunneled Transport Layer Security)
EAP-TTLS (Tunneled Transport Layer Security) was developed by Funk Software and
Certicom, as an extension of EAP-TLS. This security method provides for
certificate-based, mutual authentication of the client and network through an encrypted
channel (or tunnel), as well as a means to derive dynamic, per-user, per-session
encryption keys. Unlike EAP-TLS, EAP-TTLS requires only server-side certificates.
LEAP (Lightweight Extensible Authentication Protocol)
LEAP (Lightweight Extensible Authentication Protocol) is an EAP authentication type
used primarily in Cisco Aironet WLANs. It encrypts data transmissions using
dynamically generated WEP keys, and supports mutual authentication. Cisco has recently
licensed LEAP to a variety of other manufacturers, enabling the use of non-Cisco
adapters with LEAP.
PEAP (Protected Extensible Authentication Protocol)
PEAP (Protected Extensible Authentication Protocol) provides a method to securely
transport authentication data, including legacy password-based protocols, via 802.11
wireless networks. PEAP accomplishes this by using tunneling between PEAP clients
and an authentication server. Like the competing standard Tunneled Transport Layer
Security (TTLS), PEAP authenticates wireless LAN clients using only server-side
certificates, thus simplifying the implementation and administration of a secure
wireless LAN. Microsoft, Cisco and RSA Security developed PEAP. Note that Cisco's
LEAP authentication server, ACS, recently added support for PEAP.
802.1X EAP Types

Feature/Benefit              MD5   TLS   TTLS  PEAP  LEAP
Client certificate required  no    yes   no    no    no
Server certificate required  no    yes   yes   yes   no
WEP key management           no    yes   yes   yes   yes
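
The following is an added example, not part of the Meru guide: it parses EAP packets taken from a capture and reports which method each one carries, using the certificate requirements from the table above to list methods in use that do not involve a server certificate. The packet layout follows RFC 3748 and the type numbers come from the IANA EAP registry; the function names and the sample frames are constructed for illustration.

```python
import struct

# EAP type number -> (name, client cert required, server cert required),
# with the yes/no values taken from the "802.1X EAP Types" table.
EAP_METHODS = {
    4:  ("MD5",  False, False),
    13: ("TLS",  True,  True),
    17: ("LEAP", False, False),
    21: ("TTLS", False, True),
    25: ("PEAP", False, True),
}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def classify_eap(packet: bytes) -> dict:
    """Parse one EAP packet (RFC 3748 layout) and describe its method."""
    if len(packet) < 4:
        raise ValueError("EAP header is 4 bytes: code, identifier, length")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in EAP_CODES:
        raise ValueError(f"unknown EAP code {code}")
    if length < 4 or length > len(packet):
        raise ValueError("length field does not match captured data")
    info = {"code": EAP_CODES[code], "id": ident, "method": None}
    if code in (1, 2):  # only Request/Response carry a Type byte
        if length < 5:
            raise ValueError("Request/Response without a Type field")
        eap_type = packet[4]
        name, client_cert, server_cert = EAP_METHODS.get(
            eap_type, (f"type-{eap_type}", None, None))
        # flag: the network is not authenticated by a server certificate
        info.update(method=name, client_cert=client_cert,
                    server_cert=server_cert, flag=(server_cert is False))
    return info

def audit(packets):
    """Return names of methods seen that use no server certificate."""
    results = (classify_eap(p) for p in packets)
    return sorted({r["method"] for r in results if r.get("flag")})

# Constructed sample frames (not captured from a real network).
SAMPLES = [
    bytes([1, 1, 0, 6, 25, 0x20]),   # Request, PEAP
    bytes([1, 2, 0, 6, 13, 0x20]),   # Request, EAP-TLS
    bytes([1, 3, 0, 5, 17]),         # Request, LEAP (body omitted)
    bytes([3, 4, 0, 4]),             # Success, no Type byte
]
```

Running `audit(SAMPLES)` over the constructed frames returns only LEAP, the one sampled method that the table lists with no server certificate.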