06-13-2007 12:09 AM - edited 07-03-2021 02:12 PM
Dear All,
we are not sure if we should use EAP-FAST as authentication method or if we should use PEAP or EAP/TTLS. Could you please inform us which one is safer ? For PEAP or EAP/TTLS we would need a Radius Server such as ACS while we could assign an Access Point as local authentication server if we used EAP-Fast. Is the extra cost for an ACS server justified only to be able to use PEAP ? Thanks for your help.
06-14-2007 07:16 AM
I'd suggest you take a look at this guide:
http://downloads.techrepublic.com.com/abstract.aspx?docid=277380
Read it and draw your own conclusions. Each method will have pros and cons and you know your network better than the rest of us.
06-21-2007 04:31 PM
EAP-FAST can be problematic. I suggest PEAP for a variety of reasons the guide goes over and because basically it's better security. However, if you're just talking a few users and not an enterprise deployment, then you can choose EAP-FAST which may be a quicker option for you.
06-21-2007 04:33 PM
Also you don?t need ACS for PEAP. MS IAS can do that for you. The thing about ACS is that
it is there for many other things thatn wireless. TACACS authentication on you devices, security logs. VPN authentication, and can connect OTP solutions on top of ACS (From other vendors like RSA) When migrating from LEAP EAP-FAST is the easiest way to go since EAP-FAST was designed to take over LEAP with less impact on your configuration and migration is easy since you are then running a ACS. The market acctually demanded EAP-FAST cause there was need for a solution that was mroe secure than LEAP and PEAP-mschapv2 (both shared secret mecanisms) and something less complicated that PKI solutions. The answer was EAP-FAST with its easy to setup "mini certificate" setup which can be preety well automated. PKI PEAP with certificates is a major decission and you have to be ready to manage a PKI solution all year long. This might require extra presonell to take care of it. But of course those solution will be the most secure.
regards. Kristjan Edvardsson
Sensa ehf. Cisco Silver Partner
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide