802.1x for server authentication

bangelucci
Level 1

Hello everybody,

This is the first time I write on this forum, so please excuse me if I do something wrong.

My objective is to authenticate servers in my customer's server farm, so that no one can put an unauthorised server in place.

I am thinking about using 802.1x machine authentication to reach my aim.

Does anybody have experience with similar situations?

The server platforms are:

- Windows 2k Server

- Windows 2k Advanced Server

- Linux Redhat

- IBM AIX

Which are the applicable EAP methods for each platform?

Has anybody experienced the use of 802.1x clients such as Meetinghouse or Funk Odyssey on the mentioned platforms?

Thank you in advance.

Kind regards,

Barbara

1 Reply

owillins
Level 6

EAP, EAP-TLS, EAP-MS-CHAP v2, and PEAP authentication

------------------------------------------------------------------------

The support that 802.1X provides for Extensible Authentication Protocol (EAP) types allows you to choose from several different authentication methods for wireless clients and servers.

EAP

-----

802.1X uses EAP for message exchange during the authentication process. With EAP, an arbitrary authentication method, such as certificates, smart cards, or credentials, is used. EAP allows for an open-ended conversation between an EAP client (such as a wireless computer) and an EAP server (such as an Internet Authentication Service (IAS) server). The conversation consists of requests for authentication information by the server and responses by the client. In order for authentication to be successful, the client and the server must use the same authentication method.

EAP-TLS

-----------

EAP-Transport Layer Security (TLS) is an EAP type that is used in certificate-based security environments, and it provides the strongest authentication and key determination method. EAP-TLS provides mutual authentication, negotiation of the encryption method, and encrypted key determination between the client and the authenticating server. If you want to use certificates or smart cards for user and client computer authentication, you must use EAP-TLS or, for enhanced security, Protected EAP (PEAP) with EAP-TLS.

EAP-MS-CHAP v2

----------------------

EAP-Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) is a mutual authentication method that supports password-based user or computer authentication. During the EAP-MS-CHAP v2 authentication process, both the server and client must prove that they have knowledge of the user's password in order for authentication to succeed. With EAP-MS-CHAP v2, after successful authentication, users can change their passwords, and they are notified when their passwords expire.

EAP-MS-CHAP v2 is available only with PEAP.

PEAP

--------

PEAP is an authentication method that uses TLS to enhance the security of other EAP authentication protocols. PEAP provides the following benefits: an encryption channel to protect EAP methods running within PEAP, dynamic keying material generated from TLS, fast reconnect (the ability to reconnect to a wireless access point by using cached session keys, which allows for quick roaming between wireless access points), and server authentication that can be used to protect against the deployment of unauthorized wireless access points.
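
The request/response conversation and the requirement that both sides settle on one EAP method, described in the reply above, can be checked on captured EAP packets. The following is an added example, not part of the original thread: it parses the EAP header defined in RFC 3748 and reports which method was agreed and which ones the client refused with a Nak. The helper names, the identity `host/srv01` and the sample packets are constructed for illustration.

```python
import struct

CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# Method type numbers as assigned in the IANA EAP registry.
TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 25: "PEAP", 26: "EAP-MS-CHAP v2"}

def build(code, ident, eap_type=None, data=b""):
    """Assemble an EAP packet; used only to construct the sample below."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse_eap(raw):
    """Parse one EAP packet: Code, Identifier, Length, then Type and Type-Data."""
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if code not in CODES or not 4 <= length <= len(raw):
        raise ValueError("unknown code or bad length field")
    pkt = {"code": CODES[code], "id": ident, "type": None, "data": b""}
    if code in (1, 2):  # only Request and Response carry a Type byte
        if length < 5:
            raise ValueError("Request/Response without a Type byte")
        pkt["type"], pkt["data"] = raw[4], raw[5:length]
    return pkt

def negotiated_method(packets):
    """Return (agreed method or None, methods the client refused with a Nak)."""
    offered = agreed = None
    refused = []
    for pkt in map(parse_eap, packets):
        if pkt["code"] == "Request" and pkt["type"] not in (1, 2):
            offered = pkt["type"]                 # server proposes a method
        elif pkt["code"] == "Response" and pkt["type"] == 3 and offered:
            refused.append(TYPES.get(offered, f"type {offered}"))
            offered = None                        # client asks for another one
        elif pkt["code"] == "Response" and pkt["type"] == offered:
            agreed = offered                      # client answers in kind
        elif pkt["code"] in ("Success", "Failure"):
            ok = pkt["code"] == "Success" and agreed is not None
            return (TYPES.get(agreed, f"type {agreed}") if ok else None), refused
    return None, refused

# Constructed conversation (payload bytes are placeholders, not real TLS):
# server offers PEAP, client Naks asking for EAP-TLS (13), server switches.
SAMPLE = [build(1, 1, 1), build(2, 1, 1, b"host/srv01"),
          build(1, 2, 25, b"\x20"), build(2, 2, 3, b"\x0d"),
          build(1, 3, 13, b"\x20"), build(2, 3, 13, b"\x00"), build(3, 3)]
```

Calling `negotiated_method(SAMPLE)` shows that the session ended on EAP-TLS after the client declined PEAP, which is the kind of check that confirms a server port is authenticating with the intended method.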