Comparison of 802.1X Authentication Methods

There are a lot of differences among PEAP, Cisco Wireless EAP, EAP-TLS, and EAP-FAST.
To help sort the attributes of these protocols, Table 4-1 compares the various
features of these different authentication methods.
Table 4-1 Comparing 802.1X Authentication Methods

| Characteristics | EAP-TLS | Cisco Wireless EAP | PEAP Version 1 (with Generic Token Card) | PEAP Version 0 (with MS-CHAP Version 2) | EAP-FAST |
|---|---|---|---|---|---|
| User Authentication Database and Server | OTP, LDAP, Novell NDS, Windows NT Domains, Active Directory | Windows NT Domains, Active Directory | OTP, LDAP, Novell NDS, Windows NT Domains, Active Directory | Windows NT Domains, Active Directory | Windows NT Domains, Active Directory, LDAP |
| Server Certificates Required? | Yes | No | Yes | Yes | No |
| Client Certificates Required? | Yes | No | No | No | No |
| Operating Systems | Windows XP/2000/CE. Other OSes supported with third-party utility. | Windows 98/2000/NT/ME/XP/CE, Mac OS, Linux, DOS | Windows XP/2000/CE. Other OSes supported with third-party utility. | Windows XP/2000/CE. Other OSes supported with third-party utility. | Windows XP/2000/CE. Other OSes supported with third-party utility. |
| Credentials Used | Digital certificate | Windows password | Clients: Windows, Novell NDS, LDAP password, and OTP or token. Server: Digital certificate | Windows password. Server: Digital certificate | Windows password, LDAP user ID and password, PAC |
| Single Sign-On Using Windows Login? | Yes | Yes | No | Yes | Yes |
| Password Expiration and Change? | – | No | No | Yes | Yes |
| Fast Secure Roaming Compatible? | No | Yes | No | No | Yes |
| WPA Compatible? | Yes | Yes | Yes | Yes | Yes |

Wi-Fi Protected Access (WPA)
Another means of WLAN security comes in the form of Wi-Fi Protected Access
(WPA). WPA was introduced in 2003 by the Wi-Fi Alliance, a nonprofit association
that certifies WLAN product interoperability based on IEEE 802.11 specifications.
Two versions of WPA exist: WPA and WPA2. They are described in the sections that
follow.
WPA
WPA was designed as a replacement for WEP. The Temporal Key Integrity Protocol
(TKIP) is an improvement over WEP. It causes keys to automatically change, and when
used in conjunction with a larger initialization vector (IV), it makes discovering keys
highly unlikely.