Zyxel XGS2220-54HP-GB0101F XGS2220-54HP 48-Port GbE L3 Access PoE+ Switch with 6 10G Uplink

Zyxel XGS2220 Series User Guide - Page 598

For XGS2220-54HP-GB0101F.

PDF File Manual, 727 pages, Read Online | Download pdf file

Chapter 77 Port Authentication
EAP-TLS, you need a Certificate Authority (CA) to handle certificates, which imposes a management overhead.
•EAP-TTLS (Tunneled Transport Layer Security)
EAP-TTLS is an extension of EAP-TLS authentication that uses certificates only for server-side authentication to establish a secure connection. Client authentication is then done by sending the user name and password through the secure connection, so the client identity is protected. For client authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2.
•PEAP (Protected EAP)
Like EAP-TTLS, PEAP uses server-side certificate authentication to establish a secure connection, then uses simple user name and password methods through the secured connection to authenticate the clients, thus hiding the client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco.
•LEAP
LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x.
77.6.4 EAPOL (EAP over LAN)
EAPOL is a port authentication protocol used in IEEE 802.1x. It encapsulates and sends EAP packets from the LAN. EAPOL exchanges the following messages between a wired client and the switch.
•EAPOL-Start
A wired client sends this message to the switch to let it know the wired client is ready.
•EAPOL-Key
The switch sends an encryption key to the wired client. The wired client is allowed access to the network when both the switch and the wired client have the correct encryption keys.
•EAP-Packet
Both the wired client and the switch send this message to complete the authentication process.
•EAPOL-Logoff
This message is sent when the wired client wants to be disconnected from the network.
•EAPOL-Encapsulated-ASF-Alert
This message is sent if the authentication process is not completed yet and alerts need to be forwarded.
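The five EAPOL messages listed above can be told apart on a mirrored switch port by reading the EAPOL header. The following is an added example, not part of the Zyxel guide: the numeric Packet Type codes and the EtherType come from IEEE 802.1X, the EAP method numbers from the IANA EAP registry, and the MAC addresses and sample frames are constructed.

```python
import struct

EAPOL_ETHERTYPE = 0x888E  # EtherType assigned to IEEE 802.1X (EAPOL)
# Packet Type codes from IEEE 802.1X; the manual names the messages only.
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff",
               3: "EAPOL-Key", 4: "EAPOL-Encapsulated-ASF-Alert"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# EAP method numbers from the IANA EAP registry.
EAP_METHODS = {1: "Identity", 4: "EAP-MD5", 6: "EAP-GTC", 13: "EAP-TLS",
               17: "LEAP", 21: "EAP-TTLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}

def parse_eapol(frame: bytes) -> dict:
    """Classify one untagged Ethernet frame; raise ValueError if not valid EAPOL."""
    if len(frame) < 18:
        raise ValueError("too short for Ethernet + EAPOL headers")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != EAPOL_ETHERTYPE:
        raise ValueError(f"not EAPOL (EtherType 0x{ethertype:04x})")
    version, ptype, body_len = struct.unpack_from("!BBH", frame, 14)
    body = frame[18:18 + body_len]  # ignores Ethernet padding after the body
    if len(body) < body_len:
        raise ValueError("truncated EAPOL body")
    info = {"version": version,
            "message": EAPOL_TYPES.get(ptype, f"unknown({ptype})")}
    if ptype == 0:  # EAP-Packet: code, identifier, length, then method type
        if body_len < 4:
            raise ValueError("EAP header incomplete")
        code, ident, _eap_len = struct.unpack_from("!BBH", body, 0)
        info["eap_code"] = EAP_CODES.get(code, f"unknown({code})")
        info["eap_id"] = ident
        if code in (1, 2) and body_len >= 5:  # only Request/Response carry a type
            info["eap_method"] = EAP_METHODS.get(body[4], f"type {body[4]}")
    return info

def build(ptype: int, body: bytes = b"", version: int = 2) -> bytes:
    """Construct a sample frame (PAE group address, made-up source MAC)."""
    macs = bytes.fromhex("0180c2000003") + bytes.fromhex("020000000001")
    return macs + struct.pack("!HBBH", EAPOL_ETHERTYPE, version, ptype, len(body)) + body

# Constructed samples, not captured traffic.
START = build(1)
PEAP_REQ = build(0, bytes([1, 8, 0, 6, 25, 0x20]))  # Request, id 8, PEAP
SUCCESS = build(0, bytes([3, 9, 0, 4]))             # Success has no type field
LOGOFF = build(2)

if __name__ == "__main__":
    for name, f in [("START", START), ("PEAP_REQ", PEAP_REQ),
                    ("SUCCESS", SUCCESS), ("LOGOFF", LOGOFF)]:
        print(name, parse_eapol(f))
```

Only the outer method (for example PEAP or EAP-TTLS) is visible this way; the user name and password exchange runs inside the secured connection and does not appear in the EAP type field.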