EAP-Fast or PEAP ??

Jun 13th, 2007

Dear All,

We are not sure if we should use EAP-FAST as the authentication method or if we should use PEAP or EAP/TTLS. Could you please inform us which one is safer? For PEAP or EAP/TTLS we would need a RADIUS server such as ACS, while we could assign an access point as local authentication server if we used EAP-FAST. Is the extra cost for an ACS server justified only to be able to use PEAP? Thanks for your help.

ciscors Thu, 06/21/2007 - 16:31

EAP-FAST can be problematic. I suggest PEAP for a variety of reasons the guide goes over and because basically it's better security. However, if you're just talking a few users and not an enterprise deployment, then you can choose EAP-FAST which may be a quicker option for you.

kristjan.edvardsson Thu, 06/21/2007 - 16:33

Also, you don't need ACS for PEAP. MS IAS can do that for you. The thing about ACS is that it is there for many other things than wireless: TACACS authentication on your devices, security logs, VPN authentication, and it can connect OTP solutions on top of ACS (from other vendors like RSA). When migrating from LEAP, EAP-FAST is the easiest way to go, since EAP-FAST was designed to take over from LEAP with less impact on your configuration, and migration is easy since you are then running an ACS. The market actually demanded EAP-FAST because there was a need for a solution that was more secure than LEAP and PEAP-MSCHAPv2 (both shared secret mechanisms) and something less complicated than PKI solutions. The answer was EAP-FAST with its easy-to-set-up "mini certificate" setup, which can be pretty well automated. PKI PEAP with certificates is a major decision and you have to be ready to manage a PKI solution all year long. This might require extra personnel to take care of it. But of course those solutions will be the most secure.

regards. Kristjan Edvardsson

Sensa ehf. Cisco Silver Partner

