Cisco AIR-CB21AG-W-K9 Configuration Guide - Page 55

3 C H A P T E R Configuring EAP Types This chapter explains the EAP types that are used for authenication to wireless networks. The following topics are covered: • Overview of EAP-FAST, page 3-1 • How EAP-FAST Works, page 3-2 • Configuring EAP-FAST, page 3-4 • Overview of LEAP, page 3-17 • How LEAP Works, page 3-17 • Configuring LEAP, page 3-18 • Overview of PEAP-GTC, page 3-21 • How PEAP-GTC Works, page 3-22 • Configuring PEAP-GTC, page 3-23 Overview of EAP-FAST Note For additional information about EAP-FAST, see RFC4851. EAP-FAST is an EAP method that enables secure communication between a client and an authentication server by using Transport Layer Security (TLS) to establish a mutually authenticated tunnel. Within the tunnel, data in the form of type, length, and value (TLV) objects are used to send further authentication-related data between the client and the authentication server. EAP-FAST supports the TLS extension as defined in RFC 4507 to support the fast re-establishment of the secure tunnel without having to maintain per-session state on the server. EAP-FAST-based mechanisms are defined to provision the credentials for the TLS extension. These credentials are called Protected Access Credentials (PACs). EAP-FAST provides the following: • Mutual authentication An EAP server must be able to verify the identity and authenticity of the client, and the client must be able to verify the authenticity of the EAP server. • Immunity to passive dictionary attacks Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide for Windows Vista OL-16534-01 3-1