10-15-2019 03:38 AM
A network administrator wants to use unique digital certificates installed on user devices to authenticate wireless users. Which EAP method should the RADIUS server and clients support?
- PEAP and MS-CHAPv2
- EAP-TTLS and MS-CHAPv2
Solved! Go to Solution.
10-15-2019 03:58 AM - edited 10-15-2019 04:13 AM
Info regarding EAP , read more info here:
Based on this table, we can draw some reasonably clear conclusions:
- TLS, while very secure, requires client certificates to be installed on each wireless workstation. Installing and maintaining a PKI infrastructure must be part of any TLS installation and does create more administrative overhead. If a working PKI already exists, TLS is a very good option
- TTLS addresses the certificate issue by tunneling TLS, and thus eliminating the need for a certificate on the client side. If a working PKI structure does not exist, this is an option worth considering
- LEAP is one of the earliest EAP implementations; however inherent security flaws have now made it less popular and it is not recommended
- EAP-FAST promises to be as easy as LEAP but as secure as PEAP, however it has different implementation and operational modes that, ultimately, offer a compromise. The highest security, ultimately, ends up looking very similar to PEAP – without the widespread client support that PEAP enjoys
- PEAP works similarly to EAP-TTLS in that it does not require a certificate on the client side and is natively supported by many client operating systems. PEAP is the protocol of choice when client-side certificates are not required. When deploying PEAP, EAP-MSChapv2 is likewise the protocol of choice as compared to EAP-GTC. This is primarily due to the fact that EAP-GTC it is not supported by Microsoft’s IAS RADIUS server or the native Windows supplicant
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************