Lantronix EMG 8500 EMG User Guide - Page 107
EAP TTLS Inner Authentication, EAP-MSCHAPv2, MSCHAPv2
IEEE 802.1X Parameters, continued
7: Networking

PEAP: Protected EAP uses server-side public key certificates to authenticate the EMG with a RADIUS server. PEAP authentication creates an encrypted TLS tunnel between the EMG and the server. The exchange of information is encrypted and stored in the tunnel, ensuring the user credentials are kept secure.

FAST: Flexible Authentication via Secure Tunneling uses a Protected Access Credential (PAC) for verifying clients on the network. Instead of using a certificate to achieve mutual authentication, FAST authenticates by means of a PAC stored on the EMG, which can be managed dynamically by the authentication server. The PAC can be provisioned (distributed one time) to the client either manually or automatically. Manual provisioning is delivery to the client via disk or a secured network distribution method. Automatic provisioning (used on the EMG) is an in-band distribution.

LEAP Configuration: Enter a User Name and Password that can be authenticated by the RADIUS server. The User Name and Password can be up to 63 characters long, and all printable characters are supported.

EAP-TLS Configuration: Enter a User Name that can be authenticated by the RADIUS server. The User Name can be up to 63 characters long, and all printable characters are supported. Provide a client-side certificate with a Certificate file, Private Key file and Authority Certificate file. The server-side certificate can be validated by setting Validate Certificate to Enabled (requires an Authority Certificate); validating the server certificate is highly recommended. Certificate filenames must be unique across all profiles, otherwise certificates for one profile may be overwritten by certificates for another profile. If certificates are used, when saving and restoring configurations, it is recommended that the configuration be saved with SSL Certificates and the configuration be restored with the saved certificates.

The Certificate Authority and Certificate are in PEM format (the Certificate Authority may have one or more trusted CA certificates), e.g.:

    -----BEGIN CERTIFICATE-----
    (certificate in base64 encoding)
    -----END CERTIFICATE-----

The Key File is in PEM format, e.g.:

    -----BEGIN RSA PRIVATE KEY-----
    (private key in base64 encoding)
    -----END RSA PRIVATE KEY-----

EAP-TTLS Configuration: Enter a User Name and Password that can be authenticated by the RADIUS server. The User Name and Password can be up to 63 characters long, and all printable characters are supported. Select the EAP TTLS Inner Authentication used in the TLS tunnel, which can be EAP-MSCHAPv2, MSCHAPv2, MSCHAP, CHAP, PAP or EAP-MD5.
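
A pre-upload check for the EAP-TLS constraints stated above (User Name of up to 63 printable characters, PEM-framed certificate and key files, certificate filenames unique across profiles), as an added example that is not Lantronix code. The profile dictionary layout, the file names and the reading of "printable" as ASCII 0x20-0x7E are assumptions; the check covers PEM framing only and does not parse X.509.

```python
import base64
import re
from collections import Counter

MAX_LEN = 63  # User Name / Password limit stated in the guide
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)
EXPECTED = {"certificate": "CERTIFICATE", "authority": "CERTIFICATE", "key": "RSA PRIVATE KEY"}

def pem_labels(text):  # labels of PEM blocks whose body is non-empty, valid base64
    labels = []
    for label, body in PEM_RE.findall(text):
        try:
            if base64.b64decode("".join(body.split()), validate=True):
                labels.append(label)
        except ValueError:  # corrupt base64: the block is not counted
            pass
    return labels

def credential_ok(value):  # assumption: "printable" is read as ASCII 0x20-0x7E
    return 0 < len(value) <= MAX_LEN and all(" " <= c <= "~" for c in value)

def check_profiles(profiles):  # returns a list of problem strings, empty when clean
    problems = []
    used = Counter(fn for p in profiles for fn in {f for f, _ in p["files"].values()})
    for p in profiles:
        if not credential_ok(p["user"]):
            problems.append(f"{p['name']}: bad User Name")
        for role, want in EXPECTED.items():
            fn, text = p["files"][role]
            labels = pem_labels(text)  # only the authority file may hold several blocks
            if set(labels) != {want} or (role != "authority" and len(labels) > 1):
                problems.append(f"{p['name']}: {fn} is not a valid {want} PEM file")
            if used[fn] > 1:
                problems.append(f"{p['name']}: {fn} is reused by another profile")
    return problems

def _pem(label, raw):  # constructed sample data: PEM framing only, not a real cert/key
    return f"-----BEGIN {label}-----\n{base64.b64encode(raw).decode()}\n-----END {label}-----\n"

SAMPLE = [  # constructed profiles; profile names and file names are hypothetical
    {"name": "wired", "user": "emg-01", "files": {
        "certificate": ("client.pem", _pem("CERTIFICATE", b"A" * 40)),
        "key": ("wired.key", _pem("RSA PRIVATE KEY", b"B" * 40)),
        "authority": ("ca.pem", _pem("CERTIFICATE", b"C" * 40) + _pem("CERTIFICATE", b"D" * 40))}},
    {"name": "wifi", "user": "u" * 64, "files": {
        "certificate": ("client.pem", _pem("CERTIFICATE", b"E" * 40)),
        "key": ("wifi.key", "-----BEGIN RSA PRIVATE KEY----\nQUJD\n-----END RSA PRIVATE KEY-----\n"),
        "authority": ("wifi-ca.pem", _pem("CERTIFICATE", b"G" * 40))}},
]
```

Running `check_profiles(SAMPLE)` flags the shared `client.pem` in both profiles, the 64-character User Name, and the key file whose BEGIN line is missing a dash.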