Wireless Access

Occasional Contributor I

Please tell me the Answer

A network administrator wants to use unique digital certificates installed on user devices to authenticate wireless users. Which EAP method should the RADIUS server and clients support?


  1. PEAP and MS-CHAPv2


  1. EAP-TLS


  1. EAP-TTLS and MS-CHAPv2


  1. LEAP

Re: Please tell me the Answer

Info regarding EAP  , read more info here:




EAP Summary

 Based on this table, we can draw some reasonably clear conclusions:

  • TLS, while very secure, requires client certificates to be installed on each wireless workstation. Installing and maintaining a PKI infrastructure must be part of any TLS installation and does create more administrative overhead. If a working PKI already exists, TLS is a very good option
  • TTLS addresses the certificate issue by tunneling TLS, and thus eliminating the need for a certificate on the client side. If a working PKI structure does not exist, this is an option worth considering
  • LEAP is one of the earliest EAP implementations; however inherent security flaws have now made it less popular and it is not recommended
  • EAP-FAST promises to be as easy as LEAP but as secure as PEAP, however it has different implementation and operational modes that, ultimately, offer a compromise. The highest security, ultimately, ends up looking very similar to PEAP – without the widespread client support that PEAP enjoys
  • PEAP works similarly to EAP-TTLS in that it does not require a certificate on the client side and is natively supported by many client operating systems. PEAP is the protocol of choice when client-side certificates are not required. When deploying PEAP, EAP-MSChapv2 is likewise the protocol of choice as compared to EAP-GTC. This is primarily due to the fact that EAP-GTC it is not supported by Microsoft’s IAS RADIUS server or the native Windows supplicant
*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Occasional Contributor I

Re: Please tell me the Answer

So EAP-TLS is answer

Search Airheads
Showing results for 
Search instead for 
Did you mean: